 Re: same internal host mapped to 2 different static ip address
if your intranet users must use NAT then I would set it up as I have suggested in my (rather long) post above. Otherwise, what lammbo suggests is fine.
Assuming you still need to go with the longer option, as for the security policy rules that you suggest:
intranet | ext_ip1 | any | accept
intranet | ext_ip2 | any | drop <===== Not req'd if you have a Cleanup
__ANY_ | ext_ip1 | any | drop <=====Not Req'd if you have a Cleanup
__ANY_ | ext-ip2 | any | accept.
On their own they are not enough, you DO have to configure NAT Objects, Manual NAT rules, and Proxy Arps
*OFF TOPIC* you might want to restrict the services, and not use "any"
Last edited by coldark; 2008-04-15 at 08:09. |