Static Mapping

Hi,

Am I missing something? The previous administrator has the pix 515 setup like this:

static (dmz,outside) 66.18.191.114 192.168.34.33 netmask 255.255.255.255 0 0
static (dmz,outside) 66.18.191.116 192.168.34.34 netmask 255.255.255.255 0 0
static (dmz,outside) 66.18.191.111 192.168.34.35 netmask 255.255.255.255 0 0

The 66.18.191 is public network
The 192.168.34 is DMZ

192.168.34.33, 192.168.34.34, and 192.168.34.35 is the same server. A webserver. Shouldn't I only need one static per server? There are three web sites on the server. I see the need to have three public ip one for each site. Wouldn't it work if all three sites had the same public ip address since they are all three going to the same place?

Thanks,

Donnie
LVL 12
Donnie4572Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bltztechCommented:
It really depends on how the Webserver is setup. You would only need one IP if you are reading the headers and directing the traffice based on the referrer. From what you have posted, it seems as though you have a one to one nat setup. One for each website.

If you look at IIS (assuming its windows) each website is directed to listen on a different Ip, one on 192.168.34.33, one on .34 and the third on .35

Are you short on external IP's? I would be more than happy to help you convert this to where you only need 1 ip for all your pages if that is what you would like to do. If you have plenty of external addresses, personally I would leave it alone, unless there is another reason you want to change it. I like using the theory of KEEP IT SIMPLE


Hope this helps

Z

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Donnie4572Author Commented:
Thanks for quick reply.
Yes, this is windows 2000
Yes, I am short of IP's. I have 0 ip's left and need one soon. When you say convert you mean IIS and Pix. right? Each web site has it's own ip address. There is two nics in the server one has two ip addresses and the other has one ip address

Would it take a drastic change to IIS? I suppose I could purchase another block of addresses. Also, two of the sites are using SSL certificates which makes it harder.

bltztechCommented:
Granted.. it is a little harder with the SSL Certs come into play. What would the cost be for another block? You say you need an address shortly, how about long term? If you foresee needing more addresses down the road another block make sense as you are only robbing peter to pay paul this go around.

You could also (although not the best solution) play around with ports instead of IP's. For instance, you can have one website on port 80 another on 8080 another on 8081 and so on (starts to get a little ugly).

I vote for the block depending on your future needs

Z
Donnie4572Author Commented:
I see what you mean. I do not want to change the sites unless it is a last resort. My ISP says I cannot have IP addresses added to my block. They want to convert my ip's to a completly different range. Thanks for your help. I will re post if I must make the changes to the web sites.
bltztechCommented:
Ok,

Best of luck to you. When converting to a whole new set of IP's, you should ask that they assign the new block to you and leave the old block in place so you make a transition and allow time for all the DNS servers to catch up with the change

Take care

Z
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.