Solved

Is it possible to map one public IP to several internal IPs using a Netscreen-5GT Firewall?

Posted on 2006-11-01
Last Modified: 2013-11-16
Hello,

I am trying to set up a network that will have one external IP address that will serve several internal servers that need to be accessed from the internet.

The theory is that the initial URL of www.mytestbed.com (public IP of 24.29.113.49) would point to one internal server - Auth01 (192.168.1.10), then all corresponding messages would go to www1.mytestbed.com - Prod01 (192.168.1.20), but using the same public IP address but different internal server.  Is this at all possible?  

Thanks in advance,
Marc
0
Question by:marcr69
Accepted Solution

by: batry_boy (earned 400 total points)
ID: 17855996
It sounds like you want to implement an HTTP redirect from your initial server at 192.168.1.10 to then go to 192.168.1.20 for all subsequent HTTP traffic.  If this is correct, then I do not believe you can do this with port redirection statements in the PIX since you cannot redirect a single public IP address to point to two different internal servers using the same destination port, in this case TCP 80.

However, it may be possible to have your initial server (192.168.1.10) perform a redirect to the same public IP address, but a DIFFERENT destination port.  For example,

24.29.113.49:80  ->  24.29.113.49:8080

So, when someone surfs to www.mytestbed.com and they get directed to 24.29.113.49:80, the initial server will respond with a redirect pointing the web browser to 24.29.113.49:8080 which would then point to the second server since it would have TCP 8080 as the destination of the redirect.  The traffic would still arrive on the normal TCP 80 at the second server because of the construction of the static port redirect statement shown below.  Here are the commands you could try to see if this will work (I'm not sure because I've never done this before):

static (inside,outside) tcp 24.29.113.49 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 24.29.113.49 8080 192.168.1.20 80 netmask 255.255.255.255

You will also need to modify your ACL applied to your outside interface to allow traffic to the above ports.  For example,

access-list acl_in permit tcp any host 24.29.113.49 eq 80
access-list acl_in permit tcp any host 24.29.113.49 eq 8080

Give it a shot and see if it works!
0
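
Added example, not part of the original thread: a small Python check that parses PIX `static` and `access-list` lines of the form used in the answer above and flags a public IP/port mapped to two inside hosts, a static with no matching permit, and a permit with no static behind it. It assumes numeric ports and the `any host ... eq` ACL form shown; `BAD_CONFIG` and the function name `audit` are constructed for illustration.

```python
import re
from collections import defaultdict

STATIC_RE = re.compile(r"static \(\w+,\w+\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
ACL_RE = re.compile(r"access-list \S+ permit (tcp|udp) any host (\S+) eq (\d+)")

# The four lines from the answer above, unchanged.
PAGE_CONFIG = """\
static (inside,outside) tcp 24.29.113.49 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 24.29.113.49 8080 192.168.1.20 80 netmask 255.255.255.255
access-list acl_in permit tcp any host 24.29.113.49 eq 80
access-list acl_in permit tcp any host 24.29.113.49 eq 8080
"""

# Constructed for this example: a second static on port 80 and a leftover permit.
BAD_CONFIG = PAGE_CONFIG + """\
static (inside,outside) tcp 24.29.113.49 80 192.168.1.20 80 netmask 255.255.255.255
access-list acl_in permit tcp any host 24.29.113.49 eq 8443
"""

def audit(config):
    """Return (kind, (proto, public_ip, public_port), inside_targets) findings."""
    mappings = defaultdict(list)   # public endpoint -> inside endpoints
    permits = set()                # public endpoints allowed by the outside ACL
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            proto, pub_ip, pub_port, in_ip, in_port = m.groups()
            mappings[(proto, pub_ip, int(pub_port))].append((in_ip, int(in_port)))
        elif m := ACL_RE.match(line):
            proto, ip, port = m.groups()
            permits.add((proto, ip, int(port)))
    findings = []
    for key, targets in sorted(mappings.items()):
        if len(targets) > 1:        # one public ip:port cannot reach two servers
            findings.append(("conflict", key, targets))
        if key not in permits:      # translated but blocked on the outside ACL
            findings.append(("no-permit", key, targets))
    for key in sorted(permits - set(mappings)):   # port opened with nothing behind it
        findings.append(("permit-without-static", key, []))
    return findings

if __name__ == "__main__":
    for name, cfg in (("page config", PAGE_CONFIG), ("constructed bad config", BAD_CONFIG)):
        print(name, audit(cfg) or "clean")
```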
 
Expert Comment

by:batry_boy
ID: 17856001
Never mind on the previous post...I just now read where you have a Netscreen firewall.  I wrote the previous answer for a Cisco PIX firewall.  So sorry!
0
 
Assisted Solution

by:rsivanandan
rsivanandan earned 100 total points
ID: 17868490
Can't do what you're asking; for that you need to have some kind of redirection in your webserver itself. Can't do with both Cisco and Netscreen.

However, if you want to access both the servers at the same time but just with one IP address, it is possible using VIP.

Cheers,
Rajesh
0
