Solved

Is it possible to map one public IP to several internal IPs using a Netscreen-5GT Firewall

Posted on 2006-11-01
Last Modified: 2013-11-16
Hello,

I am trying to set up a network that will have one external IP address that will serve several internal servers that need to be accessed from the internet.

The theory is that the initial URL of www.mytestbed.com (public IP of 24.29.113.49) would point to one internal server - Auth01 (192.168.1.10), then all corresponding messages would go to www1.mytestbed.com - Prod01 (192.168.1.20), using the same public IP address but a different internal server.  Is this at all possible?

Thanks in advance,
Marc
Question by:marcr69
3 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 1600 total points
ID: 17855996
It sounds like you want to implement an HTTP redirect from your initial server at 192.168.1.10 to then go to 192.168.1.20 for all subsequent HTTP traffic.  If this is correct, then I do not believe you can do this with port redirection statements in the PIX since you cannot redirect a single public IP address to point to two different internal servers using the same destination port, in this case TCP 80.

However, it may be possible to have your initial server (192.168.1.10) perform a redirect to the same public IP address, but a DIFFERENT destination port.  For example,

24.29.113.49:80  ->  24.29.113.49:8080

So, when someone surfs to www.mytestbed.com and they get directed to 24.29.113.49:80, the initial server will respond with a redirect pointing the web browser to 24.29.113.49:8080 which would then point to the second server since it would have TCP 8080 as the destination of the redirect.  The traffic would still arrive on the normal TCP 80 at the second server because of the construction of the static port redirect statement shown below.  Here are the commands you could try to see if this will work (I'm not sure because I've never done this before):

static (inside,outside) tcp 24.29.113.49 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 24.29.113.49 8080 192.168.1.20 80 netmask 255.255.255.255

You will also need to modify your ACL applied to your outside interface to allow traffic to the above ports.  For example,

access-list acl_in permit tcp any host 24.29.113.49 eq 80
access-list acl_in permit tcp any host 24.29.113.49 eq 8080

Give it a shot and see if it works!
0
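An added example, not part of the original answer: a small Python model of the four PIX lines quoted above. It rejects a second mapping for the same public IP and port, and reports any forward that the outside ACL does not permit (or any permit that exposes a port with no forward behind it). The regexes cover only the two line shapes shown in the answer, and the function names are made up for this sketch.

```python
import re

# The four PIX lines from the answer above, copied verbatim.
CONFIG = """\
static (inside,outside) tcp 24.29.113.49 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 24.29.113.49 8080 192.168.1.20 80 netmask 255.255.255.255
access-list acl_in permit tcp any host 24.29.113.49 eq 80
access-list acl_in permit tcp any host 24.29.113.49 eq 8080
"""

STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) (\S+) (\d+) (\S+) (\d+) netmask \S+$")
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\d+)$")


def parse(config):
    """Return (forwards, permits) for the two line shapes used in the answer."""
    forwards, permits = {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            proto, pub_ip, pub_port, in_ip, in_port = m.groups()
            key = (proto, pub_ip, int(pub_port))
            if key in forwards:
                # Modelled rule: one public IP:port forwards to one inside host only.
                raise ValueError(f"{pub_ip}:{pub_port}/{proto} is already mapped")
            forwards[key] = (in_ip, int(in_port))
        elif m := ACL_RE.match(line):
            _acl, proto, ip, port = m.groups()
            permits.add((proto, ip, int(port)))
    return forwards, permits


def audit(config):
    """Compare forwards with ACL permits; report mismatches in both directions."""
    forwards, permits = parse(config)
    return {
        "blocked_forwards": sorted(set(forwards) - permits),  # static without permit
        "unused_permits": sorted(permits - set(forwards)),    # permit without static
    }


def route(config, pub_ip, pub_port, proto="tcp"):
    """Inside (ip, port) that an inbound connection reaches, or None if dropped."""
    forwards, permits = parse(config)
    key = (proto, pub_ip, pub_port)
    return forwards.get(key) if key in permits else None
```

With the configuration as posted, `route(CONFIG, "24.29.113.49", 8080)` returns `("192.168.1.20", 80)`, which is the second server receiving the redirected traffic on its normal port 80.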
 
LVL 28

Expert Comment

by:batry_boy
ID: 17856001
Never mind on the previous post...I just now read where you have a Netscreen firewall.  I wrote the previous answer for a Cisco PIX firewall.  So sorry!
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 400 total points
ID: 17868490
Can't do what you're asking; for that you need to have some kind of redirection in your webserver itself. Can't do it with either Cisco or Netscreen.

However, if you want to access both the servers at the same time but just with one IP address, it is possible using VIP.

Cheers,
Rajesh
0
