Solved

Public IP forward

Posted on 2004-04-06
4
479 Views
Last Modified: 2010-04-17
Is it possible to forward my supplied public IP's from my 1720 router - through a Cisco PIX506E - to my hosts in the DMZ?  So it doesn't need to be natted into private IP's?  Currently my ISP forwards me a block of 32 IP's, which are on a different subnet than their gateway and the outside interface of my router.  I have the first forwarded public IP on the inside interface and the rest go to the websites, proxy server, etc.  I just want to put a PIX in between but not lose the non-natted setup.

I want this:

Gateway from ISP  ---------->  Outside  (1720)  Inside  -------->  outside  (PIX)  inside ---------->       hosts
    66.XX.XX.1                   66.XX.XX.2         66.XX.YY.94           ?????               ??????              66.XX.YY.65 - 93
  they forward 66.XX.YY.64-95                                             forward 66.XX.YY.64-95

If the PIX is not equipped to do this, would another router be able to and how?
0
Comment
Question by:Popeyediceclay
4 Comments
 
LVL 6

Accepted Solution

by:
Pascal666 earned 65 total points
ID: 10772833
If you can get away with only 14 usable IPs in your DMZ, you can use 66.XX.YY.64/28 between your router and pix and put 66.XX.YY.80/28 in your DMZ.

-Pascal
0
 

Expert Comment

by:mzelinka
ID: 10772841
Why you need do this?
PIX do translation (NAT) any time. You can configure pix for translating ip on same ip. ( non traslating )
You can try put on PIX ip outside 66.XX.YY.65 inside 66.XX.YY.66 and non translate other ips. maybe it will work, but why then you have pix there??
Better solution is translate this ip, if you want do access your servers from outside...
Please try explain why you need do this solution...
0
 
LVL 3

Author Comment

by:Popeyediceclay
ID: 10775054
Pascal- Do you mean subnet it?  Right now my subnet is 255.255.255.224, I can bump that up to 255.255.255.240 and it will still work?  And use the other block of 16 on the DMZ?

mzelinka - The reason why I can't have NAT is because it doesn't work with some things, like Netmeeting
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 60 total points
ID: 10776112
You can do it with a PIX, but as Pascal points out, you have to subnet what you have so that you have different subnets inside and outside the PIX.

Netmeeting certainly does work with NAT on a PIX.

Supported Multimedia Applications
PIX Firewall supports the following multimedia and video conferencing applications:

CUseeMe Networks CU-SeeMe
CUseeMe Networks CU-SeeMe Pro
CUseeMe Networks MeetingPoint
Intel Internet Video Phone
Microsoft NetMeeting
Microsoft NetShow
NetMeeting
RealNetworks RealAudio and RealVideo
VDOnet VDOLive
VocalTec Internet Phone
VXtreme WebTheater
Xing StreamWorks

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb727.html

From Microsoft:
NetMeeting and other H.323 compliant audio/video programs are not designed to work with network address translation (NAT). NAT translates all IP addresses on a local area network (LAN) to a single routable IP address.

There are some T.120 and H.323 compliant NAT implementations that work with NetMeeting. To determine if your NAT connection is compliant, consult the documentation for your NAT product.

That first statement is patently false. Their reference is to PAT, or Port Address Translation, which might, or might not work - not NAT.
The PIX fits the category in the second statement.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question