Solved

PAT with two external addresses pix 506e 6.1

Posted on 2006-06-09
Last Modified: 2010-08-05
Hi all,

 I have an internal address range of 192.168.1.0 and am running PAT.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

I have two external addresses, one that is assigned to the pix. The other isn't being used. Here is what I would like to do.

1) I want all outbound traffic (except below) to keep patting with the outside interface's address. (web surfing)
2) Save the second IP address to use to port forward to internal services like Citrix, RDP, SQL, etc.

I don't want my port forwarded services fighting for ports with my users surfing the web.

Please help.



Question by:shard26

Assisted Solution

by:rsivanandan
rsivanandan earned 400 total points
ID: 16875392
For the second IP:

static (inside,outside) tcp <second ip> <Port1> <insidemachineip1> <Port1> netmask 255.255.255.255

You can add similar statements by changing the 'insidemachineip' and 'Port'.

Then add an access-list to allow this particular connection:

access-list <Name> permit ip any <Secondip> eq Port1

access-group <Name> in interface outside

Cheers,
Rajesh

Accepted Solution

by:nodisco
nodisco earned 100 total points
ID: 16876735
Small correction to above -
access-list <Name> permit ip any <Secondip> eq Port1
should be:
access-list <Name> permit tcp any <Secondip> eq Port1

Replacing "ip" with the protocol that you are port forwarding - in this example, tcp.
I'm sure Rajesh agrees ;-)

Expert Comment

by:rsivanandan
ID: 16877219
Having quite a time nodisco :-) Yes, the acl should've been the way you've posted.

Cheers,
Rajesh

Author Comment

by:shard26
ID: 16884911
Tried so many things I can't be sure, but I thought I tried that?

Won't the global and NAT get in the way since they want to PAT everything going outside?

The two workstations that I want to do port forwarding for are on the same IP scheme as the rest of the workstations.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

Expert Comment

by:rsivanandan
ID: 16885642
It will not, shard26. All the outgoing connections will use a port (source port) greater than 1024, so none of the defined services get affected by that. On the other hand, you will be doing port forwarding for known services which use destination ports below 1024 (like 80 for web, 25 for SMTP, etc.). So you can go ahead and use them.

Cheers,
Rajesh

Author Comment

by:shard26
ID: 16908868
Thanks all that did it
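
Added example, not part of the original thread and not code from any of the posters: a small Python check that reads a PIX configuration and confirms every static port forward has a matching entry in the access-list bound to the outside interface, flagging the `ip` with `eq` mistake corrected above. The ACL name `inbound`, the 203.0.113.10 and 192.168.1.x addresses, numeric ports and the `any host <ip>` destination form are assumptions made for the sample.

```python
import re

# Constructed sample config (documentation addresses; not from the thread).
SAMPLE = """\
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
static (inside,outside) tcp 203.0.113.10 3389 192.168.1.20 3389 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 1494 192.168.1.21 1494 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 1433 192.168.1.22 1433 netmask 255.255.255.255
access-list inbound permit tcp any host 203.0.113.10 eq 3389
access-list inbound permit ip any host 203.0.113.10 eq 1494
access-group inbound in interface outside
"""

STATIC = re.compile(r"^static \(inside,\s*outside\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
ACL = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\d+))?")
GROUP = re.compile(r"^access-group (\S+) in interface outside")

def audit(config):
    """Return (global_ip, port, verdict) for every static port forward."""
    lines = [l.strip() for l in config.splitlines()]
    # Only ACLs applied inbound on the outside interface can admit the traffic.
    bound = {m.group(1) for l in lines if (m := GROUP.match(l))}
    rules = [m.groups() for l in lines if (m := ACL.match(l))]
    findings = []
    for l in lines:
        m = STATIC.match(l)
        if not m:
            continue
        proto, gip, gport, _lip, _lport = m.groups()
        verdict = "no ACL entry"
        for name, aproto, dst, port in rules:
            if name not in bound or dst != gip:
                continue
            if port == gport and aproto == proto:
                verdict = "ok"
                break
            if port == gport and aproto == "ip":
                # The mistake corrected in the thread: eq needs tcp or udp.
                verdict = "ip used with eq, use " + proto
            elif port is None and aproto in ("ip", proto):
                verdict = "permitted, but ACL is wider than the forward"
        findings.append((gip, int(gport), verdict))
    return findings

if __name__ == "__main__":
    for gip, port, verdict in audit(SAMPLE):
        print(f"{gip}:{port:<5} {verdict}")
```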