Cisco PIX question

Posted on 2006-05-31
Medium Priority
Last Modified: 2010-03-19
Good Morning,
   I am helping a local ISP (Wireless Provider) with some issues they are having.  Here is the current scenario that they brought to me yesterday.

   They have a Cisco 501 PIX that is configured with their Public IP for a Segment of their wireless canopy.  They then have a static IP address assigned to a customers PIX 501 that connects to the inside interface of the PIX.

    What they would like to do is to have this customer also have a public IP Address on the Outside Interface on their own PIX Unit.

ISP PIX Int 0 (Outside) Public IP - ISP PIX Int 1 (Inside) Private IP - Clients PIX Int 0 (Outside) Wants a Public Address - Clients PIX Int 1 (inside) their own Network of Private IPs.

They want to have a Public IP routed through the ISP PIX and then do NATing to their FTP and Mail server on the Clients Private Network.

If it was a router it is possible I am not sure on a PIX.

Question by:tolsonkra
  • 2
  • 2
LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 16797634
The only thing that they can do is have a 1-1 static on the public-facing PIX
 static (inside,outside) <public IP> <private IP of Client PIX> netmask
access-list outside_in permit ip any host <public IP>
access-group outside_in in interface outside

The Client pix can then nat ftp and mail, but to the private IP of the interface:
static (inside,outside) tcp interface smtp <private mail server ip> smtp netmask
static (inside,outside) tcp interface ftp <private mail server ip> ftp netmask
static (inside,outside) tcp interface ftp-data <private mail server ip> ftp-data netmask
<approriate acls, applied, of course>
Anything hitting the public IP will be forwarded to the client PIX which will then be forwarded to the server(s)

Author Comment

ID: 16798592

I kind of thought that it would need to be this way.  I had most of it right.  I will let you know how it works.


Author Comment

ID: 16803127
  This config worked great.  Thanks.

LVL 79

Expert Comment

ID: 16804338
Glad to hear it!

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question