Improve company productivity with a Business Account.Sign Up

x
?
Solved

PAT with two external addresses pix 506e 6.1

Posted on 2006-06-09
6
Medium Priority
?
270 Views
Last Modified: 2010-08-05
Hi all,

 I have an internal address range of 192.168.1.0 and am running PAT.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

I have two external addresses one that is assinged to the pix. The other isn't being used.  Here is what I would like to do.

1) I want all outbound traffic(expect below) to keep patting with the outside interfaces address. (web surfing)
2) Save the second ip address to use to port forward to internal services like Citrix, RDP, SQL ect.  

I don't want my port forwarded services fighting for ports with my users surfing the web.

Please help.



0
Comment
Question by:shard26
  • 3
  • 2
6 Comments
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 1600 total points
ID: 16875392
For the second ip;

static (inside, outside) tcp <second ip> <Port1> <insidemachineip1> <Port1> netmask 255.255.255.255

You can add similar statements by changing the 'insidemachineip' and 'Port'.

Then add access-list to allow this particular connection;

access-list <Name> permit ip any <Secondip> eq Port1

access-group <Name> in interface outside.

Cheers,
Rajesh
0
 
LVL 19

Accepted Solution

by:
nodisco earned 400 total points
ID: 16876735
Small correction to above -
access-list <Name> permit ip any <Secondip> eq Port1
should be:
access-list <Name> permit tcp any <Secondip> eq Port1

Replacing "ip" with the protocol that you are port forwarding - in this example, tcp.
I'm sure Rajesh agrees ;-)
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16877219
Having quite a time nodisco :-) Yes, the acl should've been the way you've posted.

Cheers,
Rajesh
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
LVL 4

Author Comment

by:shard26
ID: 16884911
tried so many things I can't be for sure but I thought I tried that?

Wont the global and NAT get in the way since they want to pat everything going outside?

The two workstation that I want to do port forwarding are on the same IP scheme as the rest of the workstations.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16885642
It will not shard26. All the outgoing connections will use port (source port) greater than 1024, so none of the defined service get objected by that. On the other hand you will be doing port forward for known services which use destination ports below 1024 (like 80 for web, 25 for smtp etc). So you can go ahead and use them.

Cheers,
Rajesh
0
 
LVL 4

Author Comment

by:shard26
ID: 16908868
Thanks all that did it
0

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

OnPage has always empowered IT teams but also amplify alerting capabilities. In the following slides you will see 5 features of OnPage that act as important tools for any IT team to resolve incidents faster
This article is about building a site to site VPN tunnels in Cisco CSR1000V router with IOS XE. There are two Policy Based IPsec VPN tunnels configured on CSR1000V router one with NAT and another without NAT.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question