Solved

Is it possible to map one public IP to several internal IPs using a Netscreen-5GT Firewall

Posted on 2006-11-01
Last Modified: 2013-11-16
Hello,

I am trying to set up a network that will have one external IP address that will serve several internal servers that need to be accessed from the internet.

The theory is that the initial URL of www.mytestbed.com (public IP of 24.29.113.49) would point to one internal server - Auth01 (192.168.1.10), then all corresponding messages would go to www1.mytestbed.com - Prod01 (192.168.1.20), using the same public IP address but a different internal server. Is this at all possible?

Thanks in advance,
Marc
Question by:marcr69

Accepted Solution

by:
batry_boy earned 1600 total points
ID: 17855996
It sounds like you want to implement an HTTP redirect from your initial server at 192.168.1.10 to then go to 192.168.1.20 for all subsequent HTTP traffic.  If this is correct, then I do not believe you can do this with port redirection statements in the PIX since you cannot redirect a single public IP address to point to two different internal servers using the same destination port, in this case TCP 80.

However, it may be possible to have your initial server (192.168.1.10) perform a redirect to the same public IP address, but a DIFFERENT destination port.  For example,

24.29.113.49:80  ->  24.29.113.49:8080

So, when someone surfs to www.mytestbed.com and they get directed to 24.29.113.49:80, the initial server will respond with a redirect pointing the web browser to 24.29.113.49:8080 which would then point to the second server since it would have TCP 8080 as the destination of the redirect.  The traffic would still arrive on the normal TCP 80 at the second server because of the construction of the static port redirect statement shown below.  Here are the commands you could try to see if this will work (I'm not sure because I've never done this before):

static (inside,outside) tcp 24.29.113.49 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 24.29.113.49 8080 192.168.1.20 80 netmask 255.255.255.255

You will also need to modify your ACL applied to your outside interface to allow traffic to the above ports.  For example,

access-list acl_in permit tcp any host 24.29.113.49 eq 80
access-list acl_in permit tcp any host 24.29.113.49 eq 8080

Give it a shot and see if it works!
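
The following is an added example, not part of batry_boy's post: a small Python audit that parses the four PIX lines quoted above, shows where each public port lands, flags two forwards that claim the same public IP and port, and checks that every forward has a matching ACL permit and vice versa. The regular expressions are an assumption that covers only the two line shapes shown in this answer, not the full PIX syntax.

```python
import re

# The four PIX lines from the answer above, copied verbatim.
CONFIG = """\
static (inside,outside) tcp 24.29.113.49 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 24.29.113.49 8080 192.168.1.20 80 netmask 255.255.255.255
access-list acl_in permit tcp any host 24.29.113.49 eq 80
access-list acl_in permit tcp any host 24.29.113.49 eq 8080
"""

# Assumption: only these two line shapes are handled.
STATIC_RE = re.compile(
    r"^static \(\w+,\w+\) (tcp|udp) (\S+) (\d+) (\S+) (\d+) netmask \S+$")
ACL_RE = re.compile(r"^access-list \S+ permit (tcp|udp) any host (\S+) eq (\d+)$")


def audit(config):
    """Return (forwards, permits, findings) for the given config text."""
    forwards, permits, findings = {}, set(), []
    for line in filter(None, map(str.strip, config.splitlines())):
        if m := STATIC_RE.match(line):
            proto, pub_ip, pub_port, in_ip, in_port = m.groups()
            key = (proto, pub_ip, int(pub_port))
            target = (in_ip, int(in_port))
            # One public ip:port can forward to only one inside host.
            if key in forwards and forwards[key] != target:
                findings.append(f"conflict: {key} -> {forwards[key]} and {target}")
            else:
                forwards[key] = target
        elif m := ACL_RE.match(line):
            proto, ip, port = m.groups()
            permits.add((proto, ip, int(port)))
        else:
            findings.append(f"unparsed: {line}")
    # A forward with no permit is unreachable; a permit with no forward is stale.
    for key in sorted(set(forwards) - permits):
        findings.append(f"forward without ACL permit: {key}")
    for key in sorted(permits - set(forwards)):
        findings.append(f"ACL permit without forward: {key}")
    return forwards, permits, findings


if __name__ == "__main__":
    forwards, _, findings = audit(CONFIG)
    for (proto, ip, port), (in_ip, in_port) in sorted(forwards.items()):
        print(f"{proto} {ip}:{port} -> {in_ip}:{in_port}")
    print(findings or "no findings")
```
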

Expert Comment

by:batry_boy
ID: 17856001
Never mind on the previous post...I just now read where you have a Netscreen firewall.  I wrote the previous answer for a Cisco PIX firewall.  So sorry!

Assisted Solution

by:rsivanandan
rsivanandan earned 400 total points
ID: 17868490
Can't do what you're asking; for that you need to have some kind of redirection in your webserver itself. Can't do with both Cisco and Netscreen.

However, if you want to access both the servers at the same time but just with one IP address, it is possible using VIP.

Cheers,
Rajesh