Pix 501 - Multiple outside IP's

We have a pix 501.

our isp has given us a range of IP addresses - 63

on this pix I want to use:

Is it possible to set all 3 up on the outside interface.

(I will be re-routing them later .61 will goto .60 port 62)

Who is Participating?
Did you clear xlate?

pix#clear xlate

Then try again.
Just to confirm - you are using a remote site or having a remote user try this, and you are not on your local lan trying to access the public IP's for testing?
All you have to do is create static xlates

ip address outside

static (inside,outside)
static (inside,outside)

Simoply by virtue of the subnet mask applied to the outside interface, and the ISP reserving these IP's for your use, you have access to those public IP's any time you like using statics. You don't have to use them until you are ready, and you don't have to do anything special to "set them up on the outside interface"
What exactly are you looking to accomplish?

The outside interface has one ip address but you can assign global outside addresses for all of your pool if you wish.
Or you can create static translations to outside ip addresses ie Allow 3 servers to be accessible on the 3 addresses above via a static translation.

If you post your config and give a description of what you wish to achieve and it will be easier to assist

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

FPCSAuthor Commented:
We have a webserver that has 3 websites port 80 ,82, 84

we want for port 80 to goto port 82 to goto port 84


PIX Version 6.3(1)                  
interface ethernet0 auto                        
interface ethernet1 100full                          
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password  encrypted                                          
passwd  encrypted                                
hostname pixfirewall                    
domain-name ciscopix.com                        
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol http 80                      
fixup protocol ils 389                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol sip 5060                      
fixup protocol sip udp                      
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
access-list outside_access_in permit tcp any host                                                              
access-list outside_in permit tcp any host eq www                                                              
access-list outside_in permit tcp any host eq www                                                              
access-list outside_in permit tcp any host eq www                                                              
pager lines 24              
mtu outside 1500                
mtu inside 1500              
ip address outside                                              
ip address inside                                        
ip audit info action alarm                          
ip audit attack a                
pdm location inside                                            
pdm logging informational 100                            
pdm history enable                  
arp timeout 14400                
global (outside) 1 interface                            
nat (inside) 1 0 0                                  
static (inside,outside) tcp www www netmask                                                                            
55 0 0      
static (inside,outside) tcp www 82 netmask                                                                                
5 0 0    
static (inside,outside) tcp www 84 netmask                                                                                
5 0 0    
access-group outside_access_in in interface outside                                                  
route outside                          
timeout xlate 0:05:00                    
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00  
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
static (inside,outside) tcp www www netmask 0 0      
static (inside,outside) tcp www 82 netmask 0 0    
static (inside,outside) tcp www 84 netmask

What you have is exactly how you do it. What's not working?
You might try disabling fixup http if you're using different ports
  no fixup protocol http 80

FPCSAuthor Commented:
I have removed the Fixup http, But still not working.

I can get to the web page at .60 but .61 + .62 time out

I can get to both the pages by using .60:82 and .60:84

This is for testing purposes only, just to help rule out some possibilities...

add these to the access-list:
access-list outside_access_in permit tcp any host eq www
access-list outside_access_in permit tcp any host eq 82
access-list outside_access_in permit tcp any host eq 84

static (inside,outside) tcp 82 82 netmask 0 0    
static (inside,outside) tcp 84 84 netmask

Now can you access the pages using .61:82 and .62:84 ?

FPCSAuthor Commented:
No I cannot access using  .61:82 and .62:84  :(

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.