Thread: strange working of static nat
View Single Post
  #1 (permalink)  
Old 2008-04-15
sebastan_bach sebastan_bach is offline
Senior Member
  
Join Date: 2005-10-12
Posts: 321
Rep Power: 4
sebastan_bach has an average reputation (10+)
Send a message via Yahoo to sebastan_bach
Default strange working of static nat
hi all i have configured automatic static nat for a internal host to a public ip address. i have also created a policy permitting traffic form external hosts to the static nat address. and it works fine .

but when i have a policy in which i am permitting traffic form external hosts to the actual internal host ip address. it still works.

i am little amazed with this kind of working. am i going wrong anywhere.

in cisco and netscreen when we map a internal host to a external ip then the host can be reached only through the external ip and not the real ip even though a policy permits it.

i feel that's the true way of statically mapping a internal host to a external host so that people cannot reach the actual host ip address.

can someone pls clarify this behaviour of checkpoint.

regards

sebastan
Reply With Quote