• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

Public IP forward

Is it possible to forward my supplied public IP's from my 1720 router - through a Cisco PIX506E - to my hosts in the DMZ?  So it doesn't need to be natted into private IP's?  Currently my ISP forwards me a block of 32 IP's, which are on a different subnet than their gateway and the outside interface of my router.  I have the first forwarded public IP on the inside interface and the rest go to the websites, proxy server, etc.  I just want to put a PIX in between but not lose the non-natted setup.

I want this:

Gateway from ISP  ---------->  Outside  (1720)  Inside  -------->  outside  (PIX)  inside ---------->       hosts
    66.XX.XX.1                   66.XX.XX.2         66.XX.YY.94           ?????               ??????              66.XX.YY.65 - 93
  they forward 66.XX.YY.64-95                                             forward 66.XX.YY.64-95

If the PIX is not equipped to do this, would another router be able to and how?
2 Solutions
If you can get away with only 14 usable IPs in your DMZ, you can use 66.XX.YY.64/28 between your router and pix and put 66.XX.YY.80/28 in your DMZ.

Why you need do this?
PIX do translation (NAT) any time. You can configure pix for translating ip on same ip. ( non traslating )
You can try put on PIX ip outside 66.XX.YY.65 inside 66.XX.YY.66 and non translate other ips. maybe it will work, but why then you have pix there??
Better solution is translate this ip, if you want do access your servers from outside...
Please try explain why you need do this solution...
PopeyediceclayAuthor Commented:
Pascal- Do you mean subnet it?  Right now my subnet is, I can bump that up to and it will still work?  And use the other block of 16 on the DMZ?

mzelinka - The reason why I can't have NAT is because it doesn't work with some things, like Netmeeting
You can do it with a PIX, but as Pascal points out, you have to subnet what you have so that you have different subnets inside and outside the PIX.

Netmeeting certainly does work with NAT on a PIX.

Supported Multimedia Applications
PIX Firewall supports the following multimedia and video conferencing applications:

CUseeMe Networks CU-SeeMe
CUseeMe Networks CU-SeeMe Pro
CUseeMe Networks MeetingPoint
Intel Internet Video Phone
Microsoft NetMeeting
Microsoft NetShow
RealNetworks RealAudio and RealVideo
VDOnet VDOLive
VocalTec Internet Phone
VXtreme WebTheater
Xing StreamWorks


From Microsoft:
NetMeeting and other H.323 compliant audio/video programs are not designed to work with network address translation (NAT). NAT translates all IP addresses on a local area network (LAN) to a single routable IP address.

There are some T.120 and H.323 compliant NAT implementations that work with NetMeeting. To determine if your NAT connection is compliant, consult the documentation for your NAT product.

That first statement is patently false. Their reference is to PAT, or Port Address Translation, which might, or might not work - not NAT.
The PIX fits the category in the second statement.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now