Thread: strange working of static nat
View Single Post
  #6 (permalink)  
Old 2008-04-15
lammbo lammbo is offline
Senior Member
  
Join Date: 2006-02-09
Location: Charleston, SC
Posts: 277
Rep Power: 3
lammbo has an average reputation (10+)
Default Re: strange working of static nat
Quote:
Originally Posted by sebastan_bach View Post
so in this i can the server being accessed on it;s private ip from intranet and at the same time have it access on public ip from internet.
As mcnallym said, yes. With a single host object using a static auto-NAT, you only need one rule with the single host object to control inbound access.

From the intranet, I would assume that you have your private IP published in DNS and the public IP in the MX record on the outside world. 1 rule fits all in this scenario and is my preferred method of deployment. After all, if you're willing to allow 'Any' as a source, then does it matter if it also covers internal users as well as external? Nope, no additional risk is involved so this is a good method.

Also as mcnallym mentioned, you always have the option to do the NAT manually as well. Be aware that if you do this on a Nokia appliance, you will need proxy ARP entries as well as the manual NAT rules. On rare occasion (with very unusual circumstances) I have had to use this method to make something work properly.
__________________
There's no place like 127.0.0.1
Last edited by lammbo; 2008-04-15 at 06:17.
Reply With Quote