Solved

Cisco Pix 501 Multiple outside ip address

Posted on 2004-09-27
3
861 Views
Last Modified: 2012-06-21
I have a Pix 501 setup and running with 1 outside IP address.  I have a couple servers behind it so I have some static route lines that route certain ports to one of the 2 servers.  I have 4 additional ip addresses available to me and I would like to use one of them.  For the purposes of this question, let's say I want to set a second web server behind the pix.  port 80 one the first IP address is already being directed to one of my existing servers.  I want to have the PIX accept requests from the 2nd ip address on port 80 and send them to the new web server (on port 80).  I know how to setup the static route and access-list.  However, where do I define that 2nd ip address?  or 3rd or 4th ip address for that matter.
0
Comment
Question by:ErnieExpert
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 12163717
Example config:

ip address outside 23.34.56.7 255.255.255.248

global (outside) 1 interface
nat (inside) 1 0 0
static (inside,outside) tcp interface 80 192.168.1.100 80

To add, simply add more statics:
static (inside, outside) <public iP #2> 192.168.1.102 netmask 255.255.255.255
static (inside, outside) <public iP #3> 192.168.1.103 netmask 255.255.255.255
static (inside, outside) <public iP #4> 192.168.1.104 netmask 255.255.255.255

Now you simply add to the inbound acl list:

access-list inbound permit tcp any host <public ip #2> eq www
access-list inbound permit tcp any host <public ip #3> eq ftp
access-list inbound permit tcp any host <public ip #4> eq pop3


0
 
LVL 2

Author Comment

by:ErnieExpert
ID: 12239808
Well I guess I already new what to do then, but thanks for confirming.  I was confused because I thought that I would have to define the other ip addresses beyond just putting them in the access list and static routes, but apparently not.  I put the lines in as you suggested and it is working great.
0
 

Expert Comment

by:Sammie22
ID: 12330582
I am in a similar situation. I have six global ip's, and four servers in a data center.  Ideally, I would like the four server's global IP's to remain on the servers, and have the PIX 501 do packet filtering only. However, that doesn't seem possible (from what I have found). I guess you have to assign the inside to a private network, and give the wan interface and outside (global) ip?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ESXI home lab network setup (KISS) 12 179
Packet Tracer Router to Router 10 81
Add Mac address reservation to Sonicwall TZ 210 router 1 62
EIGRP Bandwidth 9 18
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question