Yes you can as long as there is a route for it and it is already accessible
via the pix. Obviously you will need to make some acl changes if they are
not already there.

Kevin M. Horvath
CISSP, CCSP, GCIH, INFOSEC, CQS-FW, CQS-VPN, CQS-IDS, CCNA
SAIC - IT Security Division



-----Original Message-----
From: firewall-wizards-bounces@listserv.cybertrust.com
[mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of
William
Sent: Monday, October 02, 2006 2:31 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Static nat to a distant network?

Hi,

This is on my Cisco PIX 6.x

Is it possible to do a static nat from my outside interface to a host
which is one hop away from my dmz interface by just putting it in
normally:

static (dmz,outside) 10.1.1.200 10.1.3.200

where:
outside = 10.1.1.199
dmz = 10.1.2.199
distant network 10.1.3.0/24

Thank you.

W.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards