Cisco PIX 501-50 need External IP Addresses to be used Internal
Posted on 2004-10-19
The company I work for recently leased rack space from a local datacenter in order to co-locate a few of our client’s servers there.
After doing a bit of research we decided to purchase a Cisco PIX 501-50 to go in front of the 3 servers (all running Linux) we are going to co-locate. One problem: I am not Cisco trained nor do I care to be (Although I respect those that are.).
The servers behind my PIX are going to be used mainly for web applications that our company develops. We are also going to also place a server of our own in the rack to sell web space to end users.
I know that I could assign internal 192.168.x.x addresses to our machines behind the PIX. This would be the easiest scenario, and believe me I would love to do just that. The problem is that all three of the servers behind our PIX need external (real internet) IPs assigned to them. We have about 50 Internet IPs that the data center has assigned to our rack.
Here is my diagram:
Internet IP Range 220.127.116.11-50 -----> PIX -----> Server 1 (18.104.22.168-15)
Server 2 (22.214.171.124-20)
Server 3 (126.96.36.199-50)
I still need the PIX to do firewall duties such as forwarding / blocking ports and things of that nature.
Anyone know how to make this happen? I know the Netscreen can do this (as I have a managed server on RackSpace that has an external IP behind a Netscreen) but I don’t know how (or even if it is possible) to make the Cisco PIX 501-50 do this.
Another side note: The PIX is sitting here in front of me in the box still. We deploy next week, so I can’t do any trial and error troubleshooting.