?
Solved

Multiple external ip addresses with one cisco pix 501 firewall, no router

Posted on 2004-08-16
11
Medium Priority
?
2,104 Views
Last Modified: 2013-12-14
I have 3 computers which share the cable internet connection. I was wondering if my Cisco Pix 501 will be able to pass 3 dynamically assigned ips to my computers?  The ISP will allow me to have up to 5 ip addresses at no extra cost. From what i see, i'll need 4. One for the pix itself, and one for the three boxes.

Is this possible to do with what i have?
0
Comment
Question by:nagraves
  • 5
  • 4
  • 2
11 Comments
 
LVL 3

Expert Comment

by:snoopy13
ID: 11824489
what you can do is apply one of the legal routable address from your ISP to the outside interface of you Pix and a private address to the inside and use the global command to get pat form the Pix and you could have as many PC's as you want. You will be able to do static translation for web server or mail server if you have one.

ip address outside 193.x.x.x 255.255.255.0 (provided by ISP)
ip address inside 192.168.100.0 255.255.255.0

nat (inside) 1 192.168.100.0 255.255.255.0 0 0
global (outside) 1 interface


route outside 0.0.0.0 0.0.0.0 193.x.x.x 1(next hop router, default gateway)

0
 
LVL 4

Author Comment

by:nagraves
ID: 11825072
That doesn't answer the question. I would like the boxes to have their own external ip addresses behind the firewall.  Those IPs are dynamically assigned by my ISP. Is this possible, and how?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11834858
Why would you want them behind your firewall??  That kind of defeats the purpose.  If you pix supports a DMZ interface I would recommend that.  Then you can statically give them the IP address and go from there.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 4

Author Comment

by:nagraves
ID: 11834980
I have answered that:

> I would like the boxes to have their own external ip addresses behind the firewall.

I just do.  Is it possible with a PIX 501?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11835073
I do not know the pix... just trying to help on a infrastructure basis.  What if you put a switch on the modem and make that a DMZ.
Making suggestions w/o knowing your reasoning is kind of tough.  PLus I wont know the pix specific details.
0
 
LVL 4

Author Comment

by:nagraves
ID: 11835578
Various reasoning. Two of the computers both listen on port 80 for example. Instead of changing the apache configs I'd rather they each have their own external address, being that I'm entitled to them.  I am supposing this may be a pix-specific question, and perhaps I have asked it in the wrong area.
0
 
LVL 11

Accepted Solution

by:
Eric earned 500 total points
ID: 11835734
On my firewall, i can assign multiple public IP addressses to the external interface.  From tehre I can do one2one NAT or port forwarding by IP.
so  public IP x:80 forward to internal server A:80, and public IP y:80 forward to interanl server B:80

Thats How I deal with this and keep the network secure.   If you  need pix specific info try and repost... firewalls maybe the place to post if you know exactly what you want  your pix to do.

0
 
LVL 4

Author Comment

by:nagraves
ID: 11835785
That is the answer I was looking for:

>assign multiple public IP addressses to the external interface.  From tehre I can do >one2one NAT or port forwarding by IP.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11835945
cool.  Like i said if you find you need more help "firewalls" would be a good place to find some cisco help.
0
 
LVL 3

Expert Comment

by:snoopy13
ID: 11850627
The 501 does not have DMZ interface nor will ti allow multiple addresses on the interface. What you would have to do a one to one NAT so that the pc's will appear on the outside with that public addresses.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11851275
It will not allow you to create alias's for alteernate IP's?  That sucks.   I dont get all the cisco hype.  Im glade I got a watchguard firebox. :D
Almost everything accepts more than one IP these days... thats crap.  Shlt windows 2000/xp can have a kagillian.


0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

    Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses
Course of the Month14 days, 16 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question