Solved

Is it possible to map one public IP to several internal IPs using a Netscreen-5GT Firewall

Posted on 2006-11-01
Last Modified: 2013-11-16
Hello,

I am trying to set up a network that will have one external IP address that will serve several internal servers that need to be accessed from the internet.

The theory is that the initial URL of www.mytestbed.com (public IP of 24.29.113.49) would point to one internal server - Auth01 (192.168.1.10), then all corresponding messages would go to www1.mytestbed.com - Prod01 (192.168.1.20), but using the same public IP address but different internal server.  Is this at all possible?  

Thanks in advance,
Marc
Question by:marcr69

Accepted Solution

by:
batry_boy earned 400 total points
ID: 17855996
It sounds like you want to implement an HTTP redirect from your initial server at 192.168.1.10 to then go to 192.168.1.20 for all subsequent HTTP traffic.  If this is correct, then I do not believe you can do this with port redirection statements in the PIX since you cannot redirect a single public IP address to point to two different internal servers using the same destination port, in this case TCP 80.

However, it may be possible to have your initial server (192.168.1.10) perform a redirect to the same public IP address, but a DIFFERENT destination port.  For example,

24.29.113.49:80  ->  24.29.113.49:8080

So, when someone surfs to www.mytestbed.com and they get directed to 24.29.113.49:80, the initial server will respond with a redirect pointing the web browser to 24.29.113.49:8080 which would then point to the second server since it would have TCP 8080 as the destination of the redirect.  The traffic would still arrive on the normal TCP 80 at the second server because of the construction of the static port redirect statement shown below.  Here are the commands you could try to see if this will work (I'm not sure because I've never done this before):

static (inside,outside) tcp 24.29.113.49 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 24.29.113.49 8080 192.168.1.20 80 netmask 255.255.255.255

You will also need to modify your ACL applied to your outside interface to allow traffic to the above ports.  For example,

access-list acl_in permit tcp any host 24.29.113.49 eq 80
access-list acl_in permit tcp any host 24.29.113.49 eq 8080

Give it a shot and see if it works!

Expert Comment

by:batry_boy
ID: 17856001
Never mind on the previous post...I just now read where you have a Netscreen firewall.  I wrote the previous answer for a Cisco PIX firewall.  So sorry!

Assisted Solution

by:rsivanandan
rsivanandan earned 100 total points
ID: 17868490
Can't do what you're asking; for that you need to have some kind of redirection in your webserver itself. Can't do with both Cisco and Netscreen.

However, if you want to access both the servers at the same time but just with one IP address, it is possible using VIP.

Cheers,
Rajesh
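
The web-server-side redirect that both answers point to, as an added example that is not part of the original thread: a minimal Python handler for the first server (192.168.1.10) that sends browsers to the same public name or address on TCP 8080. It assumes the firewall forwards public TCP 8080 to 192.168.1.20:80; the function name and the host allowlist are illustrative, and the Host header is checked against that allowlist because a Location built from an unvalidated Host header can point visitors at an arbitrary site.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Names under which the first server is reached (taken from the question).
ENTRY_HOSTS = {"www.mytestbed.com", "24.29.113.49"}
# Assumed: the firewall maps this public port to 192.168.1.20:80.
SECOND_SERVER_PORT = 8080


def redirect_location(host_header, request_target):
    """Return the Location value for a request, or None to refuse it."""
    host = (host_header or "").strip().lower()
    if host.endswith(":80"):          # "www.mytestbed.com:80" is the same site
        host = host[:-3]
    if host not in ENTRY_HOSTS:       # never echo an unknown Host into Location
        return None
    # Origin-form targets only: refuses "http://other/..." and "//other/...".
    if not request_target.startswith("/") or request_target.startswith("//"):
        return None
    # Refuse spaces and control characters (header-splitting attempts).
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in request_target):
        return None
    return f"http://{host}:{SECOND_SERVER_PORT}{request_target}"


class AuthRedirect(BaseHTTPRequestHandler):
    def do_GET(self):
        location = redirect_location(self.headers.get("Host"), self.path)
        if location is None:
            self.send_error(400, "Unexpected Host or request target")
            return
        self.send_response(302)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Binding to port 80 normally requires elevated privileges.
    HTTPServer(("0.0.0.0", 80), AuthRedirect).serve_forever()
```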