Learn how to a build a cloud-first strategyRegister Now


Pix 501 - Multiple outside IP's

Posted on 2005-05-05
Medium Priority
Last Modified: 2010-04-08
We have a pix 501.

our isp has given us a range of IP addresses - 63

on this pix I want to use:

Is it possible to set all 3 up on the outside interface.

(I will be re-routing them later .61 will goto .60 port 62)

Question by:FPCS
  • 4
  • 3
LVL 79

Expert Comment

ID: 13935141
All you have to do is create static xlates

ip address outside

static (inside,outside)
static (inside,outside)

Simoply by virtue of the subnet mask applied to the outside interface, and the ISP reserving these IP's for your use, you have access to those public IP's any time you like using statics. You don't have to use them until you are ready, and you don't have to do anything special to "set them up on the outside interface"
LVL 19

Expert Comment

ID: 13935164
What exactly are you looking to accomplish?

The outside interface has one ip address but you can assign global outside addresses for all of your pool if you wish.
Or you can create static translations to outside ip addresses ie Allow 3 servers to be accessible on the 3 addresses above via a static translation.

If you post your config and give a description of what you wish to achieve and it will be easier to assist


Author Comment

ID: 13936352
We have a webserver that has 3 websites port 80 ,82, 84

we want for port 80 to goto port 82 to goto port 84


PIX Version 6.3(1)                  
interface ethernet0 auto                        
interface ethernet1 100full                          
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password  encrypted                                          
passwd  encrypted                                
hostname pixfirewall                    
domain-name ciscopix.com                        
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol http 80                      
fixup protocol ils 389                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol sip 5060                      
fixup protocol sip udp                      
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
access-list outside_access_in permit tcp any host                                                              
access-list outside_in permit tcp any host eq www                                                              
access-list outside_in permit tcp any host eq www                                                              
access-list outside_in permit tcp any host eq www                                                              
pager lines 24              
mtu outside 1500                
mtu inside 1500              
ip address outside                                              
ip address inside                                        
ip audit info action alarm                          
ip audit attack a                
pdm location inside                                            
pdm logging informational 100                            
pdm history enable                  
arp timeout 14400                
global (outside) 1 interface                            
nat (inside) 1 0 0                                  
static (inside,outside) tcp www www netmask                                                                            
55 0 0      
static (inside,outside) tcp www 82 netmask                                                                                
5 0 0    
static (inside,outside) tcp www 84 netmask                                                                                
5 0 0    
access-group outside_access_in in interface outside                                                  
route outside                          
timeout xlate 0:05:00                    
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00  
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

LVL 79

Expert Comment

ID: 13937658
static (inside,outside) tcp www www netmask 0 0      
static (inside,outside) tcp www 82 netmask 0 0    
static (inside,outside) tcp www 84 netmask

What you have is exactly how you do it. What's not working?
You might try disabling fixup http if you're using different ports
  no fixup protocol http 80


Author Comment

ID: 13938419
I have removed the Fixup http, But still not working.

I can get to the web page at .60 but .61 + .62 time out

I can get to both the pages by using .60:82 and .60:84

LVL 79

Expert Comment

ID: 13939117
This is for testing purposes only, just to help rule out some possibilities...

add these to the access-list:
access-list outside_access_in permit tcp any host eq www
access-list outside_access_in permit tcp any host eq 82
access-list outside_access_in permit tcp any host eq 84

static (inside,outside) tcp 82 82 netmask 0 0    
static (inside,outside) tcp 84 84 netmask

Now can you access the pages using .61:82 and .62:84 ?


Author Comment

ID: 13939384
No I cannot access using  .61:82 and .62:84  :(

LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 13939438
Did you clear xlate?

pix#clear xlate

Then try again.
Just to confirm - you are using a remote site or having a remote user try this, and you are not on your local lan trying to access the public IP's for testing?

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month21 days, 4 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question