PIX questions - nat, pat, nick nack paddy wack..... posted 11/15/2002
- Subject: PIX questions - nat, pat, nick nack paddy wack.....
- From: "Stong, Ian C [GMG]" <Ian.C.Stong@xxxxxxxxxxxxxxx>
- Date: Fri, 15 Nov 2002 13:31:55 -0600

Wanted to make sure I'm understanding the PIX capabilities as they pertain to
NAT and PAT. It's a given that you can do dynamic many-to-one PAT on hosts -
many hosts inside with private addresses can all share the same public IP
and access the internet and have responses redirected to them via PAT. You
can't of course initiate a connection to a PAT'd host from the internet
since they all share the same IP.

For NAT you can statically define one-to-one inside to outside mapping.
This allows an internal host with a private IP to access the internet and
have responses redirected to them via NAT. In addition you can initiate a
connection from the internet to that host since it's statically NAT'd. And
of course you can get to the host via DNS or IP since they can be statically

Now on to the questions (assuming the above is true of course)..... For
PAT'd hosts can you assign them public DNS names (I would say yes with
limits - you can only map each name to the one IP which doesn't correspond
to any particular host so not sure what benefit that would provide other
than generically defining all your internal hosts for systems that may
require a forward/reverse DNS entry).

For NAT'd hosts, can you dynamically versus statically NAT? If so, how would
that work exactly, and what would be the pros/cons? In addition, how would
you map the IP to DNS entries (some sort of DDNS perhaps?)

Your thoughts are appreciated.
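
The translation behaviour described in the post, as an added example that is not part of the original message and is not PIX code: a simplified Python model of a many-to-one PAT table next to a static one-to-one NAT entry. The class name, the port allocation starting at 1024 and all addresses are constructed assumptions, and the model ignores access lists, protocols and timeouts.

```python
# Simplified model of a NAT/PAT translation table (illustrative; not PIX code).
# All addresses are constructed examples (RFC 1918 / RFC 5737 ranges).
# Assumption: access lists, protocols and entry timeouts are ignored.
from itertools import count


class Translator:
    def __init__(self, pat_ip, static_map=None):
        self.pat_ip = pat_ip                      # single shared public IP
        self.static = dict(static_map or {})      # inside IP -> public IP
        self.static_rev = {pub: ins for ins, pub in self.static.items()}
        self.pat_out = {}                         # (inside IP, port) -> public port
        self.pat_in = {}                          # public port -> (inside IP, port)
        self._ports = count(1024)                 # hypothetical allocation start

    def outbound(self, src_ip, src_port):
        """Translate an inside-initiated flow; return (ip, port) seen outside."""
        if src_ip in self.static:                 # one-to-one: port is preserved
            return self.static[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.pat_out:               # first packet creates the entry
            port = next(self._ports)
            self.pat_out[key] = port
            self.pat_in[port] = key
        return self.pat_ip, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Translate an outside packet; return inside (ip, port) or None if dropped."""
        if dst_ip in self.static_rev:             # static entry always exists
            return self.static_rev[dst_ip], dst_port
        if dst_ip == self.pat_ip:                 # PAT: only ports with an entry
            return self.pat_in.get(dst_port)
        return None


def demo():
    t = Translator("192.0.2.1", static_map={"10.0.0.10": "192.0.2.10"})
    a = t.outbound("10.0.0.21", 40000)            # two inside hosts, same source port
    b = t.outbound("10.0.0.22", 40000)
    return {
        "pat_a": a,
        "pat_b": b,
        "reply_to_a": t.inbound(*a),
        "unsolicited_pat": t.inbound("192.0.2.1", 80),
        "unsolicited_static": t.inbound("192.0.2.10", 80),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
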