PAT with two external addresses pix 506e 6.1

Posted on 2006-06-09
Last Modified: 2010-08-05
Hi all,

 I have an internal address range of 192.168.1.0 and am running PAT.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

I have two external addresses, one that is assigned to the PIX. The other isn't being used. Here is what I would like to do.

1) I want all outbound traffic (except below) to keep PATting with the outside interface's address. (web surfing)
2) Save the second IP address to use to port forward to internal services like Citrix, RDP, SQL, etc.

I don't want my port forwarded services fighting for ports with my users surfing the web.

Please help.



Question by:shard26

Assisted Solution

by:rsivanandan
ID: 16875392
For the second IP:

static (inside,outside) tcp <second ip> <Port1> <insidemachineip1> <Port1> netmask 255.255.255.255

You can add similar statements by changing the 'insidemachineip' and 'Port'.

Then add an access-list to allow this particular connection:

access-list <Name> permit ip any <Secondip> eq Port1

access-group <Name> in interface outside

Cheers,
Rajesh

Accepted Solution

by:nodisco
ID: 16876735
Small correction to above -
access-list <Name> permit ip any <Secondip> eq Port1
should be:
access-list <Name> permit tcp any <Secondip> eq Port1

Replacing "ip" with the protocol that you are port forwarding - in this example, tcp.
I'm sure Rajesh agrees ;-)

Expert Comment

by:rsivanandan
ID: 16877219
Having quite a time nodisco :-) Yes, the acl should've been the way you've posted.

Cheers,
Rajesh

Author Comment

by:shard26
ID: 16884911
Tried so many things I can't be sure, but I thought I tried that?

Won't the global and NAT get in the way since they want to PAT everything going outside?

The two workstations that I want to do port forwarding for are on the same IP scheme as the rest of the workstations.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

Expert Comment

by:rsivanandan
ID: 16885642
It will not, shard26. All the outgoing connections will use a port (source port) greater than 1024, so none of the defined services get objected by that. On the other hand, you will be doing port forwarding for known services which use destination ports below 1024 (like 80 for web, 25 for SMTP, etc.). So you can go ahead and use them.

Cheers,
Rajesh

Author Comment

by:shard26
ID: 16908868
Thanks all, that did it.
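
The configuration the thread arrives at, consolidated as an added example that was not posted by any participant: the second public address 203.0.113.11, the inside hosts 192.168.1.50 and 192.168.1.51, and the ACL name outside_in are constructed placeholders, and ports 3389 (RDP) and 1494 (Citrix ICA) stand in for the services named in the question. Dynamic PAT allocates its ports on the interface address while the static entries are bound to the second address, so the two do not share a port space.

```cisco
: Added example; addresses, inside hosts and the ACL name are constructed placeholders.
: Outbound traffic: dynamic PAT on the outside interface address (as in the question).
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
: Inbound services: static PAT on the second, otherwise unused public address.
static (inside,outside) tcp 203.0.113.11 3389 192.168.1.50 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.11 1494 192.168.1.51 1494 netmask 255.255.255.255 0 0
: Permit only the forwarded ports; the protocol is tcp (as corrected in the thread),
: and the single destination address is matched with the host keyword.
access-list outside_in permit tcp any host 203.0.113.11 eq 3389
access-list outside_in permit tcp any host 203.0.113.11 eq 1494
: Bind the ACL inbound on the outside interface; everything else hits the implicit deny.
access-group outside_in in interface outside
```

`show xlate` and `show access-list` on the PIX display the resulting translations and the per-entry hit counts.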