Hello,
I have a PIX 515 for testing purposes.
The DMZ interface is a private subnet attached to it.
On this DMZ, servers. Thore are having private ip addresses attached
Using the static command, those servers have an Internet IP
pix# sh global global (outside) 1 interface pix# sh static static (dmz-net,outside) 195.238.45.34 192.168.80.34 netmask
255.255.255.255 0 0 static (dmz-net,outside) 195.238.45.35 192.168.80.35 netmask 255.255.255.255 0 0 static (dmz-net,outside) 195.238.45.36 192.168.80.36 netmask 255.255.255.255 0 0 static (dmz-net,outside) 195.238.45.38 192.168.80.38 netmask 255.255.255.255 0 0 static (dmz-net,outside) 195.238.45.39 192.168.80.39 netmask 255.255.255.255 0 0 static (im-net,outside) 195.238.45.43 192.168.8.43 netmask 255.255.255.255 0 0 static (im-net,outside) 195.238.45.44 192.168.8.44 netmask 255.255.255.255 0 0 static (im-net,outside) 195.238.45.45 192.168.8.45 netmask 255.255.255.255 0 0 static (dmz-net,outside) 195.238.45.40 192.168.80.46 netmask 255.255.255.255 0 0 static (inside,dmz-net) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0 pix#On the access-list which is gonna be applied *IN* on the dmz-net interface, do I have to specify the ip private ip address or the internet IP address of the server?
thank you very much,
/Edgar