Solved

Multiple external IP addresses with one Cisco PIX 501 firewall, no router

Posted on 2004-08-16
Last Modified: 2013-12-14
I have 3 computers which share the cable internet connection. I was wondering if my Cisco PIX 501 will be able to pass 3 dynamically assigned IPs to my computers? The ISP will allow me to have up to 5 IP addresses at no extra cost. From what I see, I'll need 4. One for the PIX itself, and one for the three boxes.

Is this possible to do with what i have?
Question by:nagraves
11 Comments
 
LVL 3

Expert Comment

by:snoopy13
ID: 11824489
What you can do is apply one of the legal routable addresses from your ISP to the outside interface of your PIX and a private address to the inside, and use the global command to get PAT from the PIX, and you could have as many PCs as you want. You will be able to do static translation for a web server or mail server if you have one.

ip address outside 193.x.x.x 255.255.255.0 (provided by ISP)
ip address inside 192.168.100.1 255.255.255.0

nat (inside) 1 192.168.100.0 255.255.255.0 0 0
global (outside) 1 interface

route outside 0.0.0.0 0.0.0.0 193.x.x.x 1 (next hop router, default gateway)

0
 
LVL 4

Author Comment

by:nagraves
ID: 11825072
That doesn't answer the question. I would like the boxes to have their own external IP addresses behind the firewall. Those IPs are dynamically assigned by my ISP. Is this possible, and how?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11834858
Why would you want them behind your firewall?? That kind of defeats the purpose. If your PIX supports a DMZ interface I would recommend that. Then you can statically give them the IP address and go from there.
0
 
LVL 4

Author Comment

by:nagraves
ID: 11834980
I have answered that:

> I would like the boxes to have their own external ip addresses behind the firewall.

I just do.  Is it possible with a PIX 501?
0
 
LVL 11

Expert Comment

by:Eric
ID: 11835073
I do not know the PIX... just trying to help on an infrastructure basis. What if you put a switch on the modem and make that a DMZ?
Making suggestions w/o knowing your reasoning is kind of tough. Plus I won't know the PIX-specific details.
0
 
LVL 4

Author Comment

by:nagraves
ID: 11835578
Various reasoning. Two of the computers both listen on port 80 for example. Instead of changing the apache configs I'd rather they each have their own external address, being that I'm entitled to them.  I am supposing this may be a pix-specific question, and perhaps I have asked it in the wrong area.
0
 
LVL 11

Accepted Solution

by:
Eric earned 125 total points
ID: 11835734
On my firewall, I can assign multiple public IP addresses to the external interface. From there I can do one2one NAT or port forwarding by IP.
So public IP x:80 forwards to internal server A:80, and public IP y:80 forwards to internal server B:80.

That's how I deal with this and keep the network secure. If you need PIX-specific info, try and repost... "firewalls" may be the place to post if you know exactly what you want your PIX to do.

0
 
LVL 4

Author Comment

by:nagraves
ID: 11835785
That is the answer I was looking for:

> assign multiple public IP addresses to the external interface. From there I can do one2one NAT or port forwarding by IP.
0
 
LVL 11

Expert Comment

by:Eric
ID: 11835945
Cool. Like I said, if you find you need more help, "firewalls" would be a good place to find some Cisco help.
0
 
LVL 3

Expert Comment

by:snoopy13
ID: 11850627
The 501 does not have a DMZ interface, nor will it allow multiple addresses on the interface. What you would have to do is a one-to-one NAT so that the PCs will appear on the outside with those public addresses.
0
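The one-to-one NAT discussed in the comments above, written out as PIX 6.x configuration for two inside web servers that both listen on port 80. This is an added example, not part of any poster's comment: the 203.0.113.x public addresses, the 192.168.100.11/.12 inside hosts and the ACL name outside_in are constructed placeholders, and it assumes the extra public addresses can be used statically on the outside segment.

```cisco
: Constructed example: addresses and the ACL name are placeholders.
: One public address per inside web server (one-to-one static NAT).
static (inside,outside) 203.0.113.11 192.168.100.11 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.12 192.168.100.12 netmask 255.255.255.255 0 0

: A static only creates the translation. Inbound traffic is still denied
: until an ACL on the outside interface permits it, so open tcp/80 only.
access-list outside_in permit tcp any host 203.0.113.11 eq www
access-list outside_in permit tcp any host 203.0.113.12 eq www
access-group outside_in in interface outside

: Remaining inside hosts keep sharing the PIX's own outside address via PAT.
nat (inside) 1 192.168.100.0 255.255.255.0 0 0
global (outside) 1 interface
```

After adding or changing a static, run `clear xlate` so existing translations are rebuilt. The ACL is written against the public (translated) addresses, and anything it does not permit stays blocked.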
 
LVL 11

Expert Comment

by:Eric
ID: 11851275
It will not allow you to create aliases for alternate IPs? That sucks. I don't get all the Cisco hype. I'm glad I got a WatchGuard Firebox. :D
Almost everything accepts more than one IP these days... that's crap. Shlt, Windows 2000/XP can have a kagillian.


0
