Solved

PAT with two external addresses pix 506e 6.1

Posted on 2006-06-09
Last Modified: 2010-08-05
Hi all,

 I have an internal address range of 192.168.1.0 and am running PAT.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

I have two external addresses, one of which is assigned to the PIX. The other isn't being used. Here is what I would like to do.

1) I want all outbound traffic (except below) to keep PATing with the outside interface's address (web surfing).
2) Save the second IP address to use to port forward to internal services like Citrix, RDP, SQL, etc.

I don't want my port forwarded services fighting for ports with my users surfing the web.

Please help.



0
Question by:shard26

Assisted Solution

by:rsivanandan
rsivanandan earned 400 total points
ID: 16875392
For the second IP:

static (inside, outside) tcp <second ip> <Port1> <insidemachineip1> <Port1> netmask 255.255.255.255

You can add similar statements by changing the 'insidemachineip' and 'Port'.

Then add an access-list to allow this particular connection:

access-list <Name> permit ip any <Secondip> eq Port1

access-group <Name> in interface outside

Cheers,
Rajesh
0
 

Accepted Solution

by:nodisco
nodisco earned 100 total points
ID: 16876735
Small correction to above -
access-list <Name> permit ip any <Secondip> eq Port1
should be:
access-list <Name> permit tcp any <Secondip> eq Port1

Replacing "ip" with the protocol that you are port forwarding - in this example, tcp.
I'm sure Rajesh agrees ;-)
0
 

Expert Comment

by:rsivanandan
ID: 16877219
Having quite a time nodisco :-) Yes, the acl should've been the way you've posted.

Cheers,
Rajesh
0

Author Comment

by:shard26
ID: 16884911
Tried so many things I can't be sure, but I thought I tried that?

Won't the global and NAT get in the way, since they want to PAT everything going outside?

The two workstations that I want to do port forwarding to are on the same IP scheme as the rest of the workstations.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
0
 

Expert Comment

by:rsivanandan
ID: 16885642
It will not, shard26. All the outgoing connections will use a source port greater than 1024, so none of the defined services get affected by that. On the other hand, you will be doing port forwarding for known services which use destination ports below 1024 (like 80 for web, 25 for SMTP, etc.). So you can go ahead and use them.

Cheers,
Rajesh
0
 

Author Comment

by:shard26
ID: 16908868
Thanks all, that did it.
0
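The thread's solution assembled into one PIX 6.x configuration, as an added example that is not part of any post above. The second outside address, the inside host addresses, the forwarded ports and the ACL name are constructed placeholders, and lines starting with ! are annotations for the reader. Web PAT stays on the interface address while the forwards are bound only to the second address, so the two sets of translations never share an address.

```cisco
! Constructed values (assumptions, not from the thread):
!   203.0.113.11   second, otherwise unused outside address
!   192.168.1.50   inside host offering RDP (tcp/3389)
!   192.168.1.51   inside host offering Citrix ICA (tcp/1494)
!   outside_in     ACL name

! PAT from the question, unchanged: every inside host leaves through
! the outside interface address.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

! Port forwards bound to the second address only, one static per service.
static (inside,outside) tcp 203.0.113.11 3389 192.168.1.50 3389 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.11 1494 192.168.1.51 1494 netmask 255.255.255.255

! Permit only the forwarded ports. The protocol is tcp rather than ip,
! as in the accepted answer; "host" marks a single destination address.
access-list outside_in permit tcp any host 203.0.113.11 eq 3389
access-list outside_in permit tcp any host 203.0.113.11 eq 1494

! Narrower variant for services with known clients: replace "any" with
! a source network and mask (198.51.100.0/24 is a constructed example).
! access-list outside_in permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.11 eq 3389

! Only one ACL can be bound inbound on an interface. If one is already
! applied to outside, add the permit lines to that ACL instead.
access-group outside_in in interface outside

! Flush existing translations after changing nat, global or static.
clear xlate

! Checks: the statics are present, translations are being built, and
! the ACL hit counters increase when a client connects.
show static
show xlate
show access-list outside_in
```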
