Solved

Public IP forward

Posted on 2004-04-06
4
476 Views
Last Modified: 2010-04-17
Is it possible to forward my supplied public IP's from my 1720 router - through a Cisco PIX506E - to my hosts in the DMZ?  So it doesn't need to be natted into private IP's?  Currently my ISP forwards me a block of 32 IP's, which are on a different subnet than their gateway and the outside interface of my router.  I have the first forwarded public IP on the inside interface and the rest go to the websites, proxy server, etc.  I just want to put a PIX in between but not lose the non-natted setup.

I want this:

Gateway from ISP  ---------->  Outside  (1720)  Inside  -------->  outside  (PIX)  inside ---------->       hosts
    66.XX.XX.1                   66.XX.XX.2         66.XX.YY.94           ?????               ??????              66.XX.YY.65 - 93
  they forward 66.XX.YY.64-95                                             forward 66.XX.YY.64-95

If the PIX is not equipped to do this, would another router be able to and how?
0
Comment
Question by:Popeyediceclay
4 Comments
 
LVL 6

Accepted Solution

by:
Pascal666 earned 65 total points
ID: 10772833
If you can get away with only 14 usable IPs in your DMZ, you can use 66.XX.YY.64/28 between your router and pix and put 66.XX.YY.80/28 in your DMZ.

-Pascal
0
 

Expert Comment

by:mzelinka
ID: 10772841
Why you need do this?
PIX do translation (NAT) any time. You can configure pix for translating ip on same ip. ( non traslating )
You can try put on PIX ip outside 66.XX.YY.65 inside 66.XX.YY.66 and non translate other ips. maybe it will work, but why then you have pix there??
Better solution is translate this ip, if you want do access your servers from outside...
Please try explain why you need do this solution...
0
 
LVL 3

Author Comment

by:Popeyediceclay
ID: 10775054
Pascal- Do you mean subnet it?  Right now my subnet is 255.255.255.224, I can bump that up to 255.255.255.240 and it will still work?  And use the other block of 16 on the DMZ?

mzelinka - The reason why I can't have NAT is because it doesn't work with some things, like Netmeeting
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 60 total points
ID: 10776112
You can do it with a PIX, but as Pascal points out, you have to subnet what you have so that you have different subnets inside and outside the PIX.

Netmeeting certainly does work with NAT on a PIX.

Supported Multimedia Applications
PIX Firewall supports the following multimedia and video conferencing applications:

CUseeMe Networks CU-SeeMe
CUseeMe Networks CU-SeeMe Pro
CUseeMe Networks MeetingPoint
Intel Internet Video Phone
Microsoft NetMeeting
Microsoft NetShow
NetMeeting
RealNetworks RealAudio and RealVideo
VDOnet VDOLive
VocalTec Internet Phone
VXtreme WebTheater
Xing StreamWorks

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb727.html

From Microsoft:
NetMeeting and other H.323 compliant audio/video programs are not designed to work with network address translation (NAT). NAT translates all IP addresses on a local area network (LAN) to a single routable IP address.

There are some T.120 and H.323 compliant NAT implementations that work with NetMeeting. To determine if your NAT connection is compliant, consult the documentation for your NAT product.

That first statement is patently false. Their reference is to PAT, or Port Address Translation, which might, or might not work - not NAT.
The PIX fits the category in the second statement.

0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now