PIX 515E with a pool of 14 Public IP Addresses, NAT/PAT Question.

Posted on 2004-03-10
Medium Priority
Last Modified: 2010-04-08
We are planning a PIX install.  I have a pool of 14 Public IP Addresses that are free (it is a class C 204.x.x.x/26 network that has been subnetted down even further.  So actually the 14 addresses would be like 204.x.x.x/28).  I plan on using a 204.x.x.x/30 for the outside interface and the router so that would be a separate network.  We have quite a bit of people who use the internet on our network.  Probably 150 or so connections at any given time for mainly research.  So my question is this: would it be beneficial to set up our PIX with that pool of public IP addresses or would it be better to just use the 1 public IP Address on the outside interface and PAT?  Or both?

Also, we have one server that resides on the inside interface that must have a public IP or it will not function correctly.  So I can't really use NAT for it!  What do I have to do about that one?

I guess I am really looking for some good advice here since I know my IOS stuff but I am not so clear yet on the PIX.  Many thanks!!!
Question by:USMCLobo

Accepted Solution

hawgpig earned 2000 total points
ID: 10572019
Definitely PAT... Keep your other public IPs for use in translations. Use these commands:
global (outside) 1 interface
nat (inside) 1 0 0

This will PAT everyone on the inside out as your interface address.

If you have a server that needs to stay the same address, use the static statement...
static (inside,outside) [the ip for the server] [the ip for the server] netmask
static (inside,outside) 204.x.x.x 204.x.x.x netmask

Make sure you create an access-list to the server if traffic is initiated from the outside of the firewall to the server services.
access-list inbound permit tcp any host 204.x.x.x eq 25

ALSO, check your version of code on the PIX... MAKE SURE you are on a stable code...
DO NOT USE 6.3.1 or 6.3.2... both are EXTREMELY BUGGY.
If you can, go to the most recent general deployment 6.2.3, or if you need some feature of 6.3.x then go to 6.3.3 or the latest 6.3.x code...

Good Luck


Author Comment

ID: 10601025
Thanks for the response hawgpig.  That worked!
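
The commands from the accepted answer, assembled into one PIX 6.x configuration fragment. This is an added example, not part of the original thread; the upper-case names (OUTSIDE_IP, ROUTER_IP, SERVER_IP) are placeholders, because the page masks every address as 204.x.x.x. It also assumes the upstream router has a route for the server's address pointing at the PIX outside interface, since the outside link sits on its own /30.

```text
: Added example, PIX 6.x syntax. Upper-case names are placeholders to substitute.

: Outside interface on the /30 shared with the router
ip address outside OUTSIDE_IP 255.255.255.252
route outside 0.0.0.0 0.0.0.0 ROUTER_IP 1

: PAT every inside host to the outside interface address
: ("nat (inside) 1 0 0" in the answer is shorthand for the same thing)
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

: Identity static: the server keeps its public address on both sides.
: A single host needs a 255.255.255.255 mask.
static (inside,outside) SERVER_IP SERVER_IP netmask 255.255.255.255 0 0

: Permit only the service the server publishes (SMTP, as in the answer).
: Everything else inbound is dropped by the implicit deny.
access-list inbound permit tcp any host SERVER_IP eq 25

: An access-list has no effect until it is bound to an interface
access-group inbound in interface outside

: Flush stale translations after changing nat/global/static
clear xlate

: Verify: translations in use, and hit counts on the inbound rule
show xlate
show access-list inbound
```

The static alone does not expose the server: outside-to-inside traffic is denied until the access-group line is applied, so review that access-list whenever the server's published services change.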
