[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 491
  • Last Modified:

Public IP forward

Is it possible to forward my supplied public IP's from my 1720 router - through a Cisco PIX506E - to my hosts in the DMZ?  So it doesn't need to be natted into private IP's?  Currently my ISP forwards me a block of 32 IP's, which are on a different subnet than their gateway and the outside interface of my router.  I have the first forwarded public IP on the inside interface and the rest go to the websites, proxy server, etc.  I just want to put a PIX in between but not lose the non-natted setup.

I want this:

Gateway from ISP  ---------->  Outside  (1720)  Inside  -------->  outside  (PIX)  inside ---------->       hosts
    66.XX.XX.1                   66.XX.XX.2         66.XX.YY.94           ?????               ??????              66.XX.YY.65 - 93
  they forward 66.XX.YY.64-95                                             forward 66.XX.YY.64-95

If the PIX is not equipped to do this, would another router be able to and how?
0
Popeyediceclay
Asked:
Popeyediceclay
2 Solutions
 
Pascal666Commented:
If you can get away with only 14 usable IPs in your DMZ, you can use 66.XX.YY.64/28 between your router and pix and put 66.XX.YY.80/28 in your DMZ.

-Pascal
0
 
mzelinkaCommented:
Why you need do this?
PIX do translation (NAT) any time. You can configure pix for translating ip on same ip. ( non traslating )
You can try put on PIX ip outside 66.XX.YY.65 inside 66.XX.YY.66 and non translate other ips. maybe it will work, but why then you have pix there??
Better solution is translate this ip, if you want do access your servers from outside...
Please try explain why you need do this solution...
0
 
PopeyediceclayAuthor Commented:
Pascal- Do you mean subnet it?  Right now my subnet is 255.255.255.224, I can bump that up to 255.255.255.240 and it will still work?  And use the other block of 16 on the DMZ?

mzelinka - The reason why I can't have NAT is because it doesn't work with some things, like Netmeeting
0
 
lrmooreCommented:
You can do it with a PIX, but as Pascal points out, you have to subnet what you have so that you have different subnets inside and outside the PIX.

Netmeeting certainly does work with NAT on a PIX.

Supported Multimedia Applications
PIX Firewall supports the following multimedia and video conferencing applications:

CUseeMe Networks CU-SeeMe
CUseeMe Networks CU-SeeMe Pro
CUseeMe Networks MeetingPoint
Intel Internet Video Phone
Microsoft NetMeeting
Microsoft NetShow
NetMeeting
RealNetworks RealAudio and RealVideo
VDOnet VDOLive
VocalTec Internet Phone
VXtreme WebTheater
Xing StreamWorks

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb727.html

From Microsoft:
NetMeeting and other H.323 compliant audio/video programs are not designed to work with network address translation (NAT). NAT translates all IP addresses on a local area network (LAN) to a single routable IP address.

There are some T.120 and H.323 compliant NAT implementations that work with NetMeeting. To determine if your NAT connection is compliant, consult the documentation for your NAT product.

That first statement is patently false. Their reference is to PAT, or Port Address Translation, which might, or might not work - not NAT.
The PIX fits the category in the second statement.

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now