PIX 501, single public IP, multiple physical web servers

Posted on 2007-07-23
Last Modified: 2012-05-05

First time I'm actually asking a question, hoping someone has the answer.....

Description of situation:
- PIX 501
- Single public IP address
- 1 physical web server hosting 2 web sites
- DNS set up to map both web sites to the same public IP
  (eg: and both use the same public IP)
- PIX 501 maps public IP to the physical server for port 80
- IIS handles HTTP request using host header to map to the right web site

Now I want to add another physical server hosting 3 web sites. This physical server obviously will be given another private IP address. There is however no possibility to get another public IP to map to this new server and the web sites it runs.

Is there any way to get the PIX to handle this "problem", ie use the same public IP for all 5 web sites and have the respective IIS installations on the physical servers to map to the proper we site?

I've been pondering this for a while now, but being new to Cisco I'm not getting any further. Help would be very much appreciated.

Question by:RayCore
    LVL 31

    Expert Comment

    i would say only when using different ports? or?

    Author Comment


    I can have the 2nd web server listen in on another port alright, but can PIX 501 distinguish between different web site lookups?

    What I mean by this: if someone asks for, which I know is on the 2nd server using let's say port 81, how can I let the PIX map to this physical server.....? So how does PIX know, that has to be mapped to the internal IP of this server listening on port 81 and not to the 1st physical server using port 80?

    And if PIX can do this, what would be the answer to my problem, what would the proper syntax be?

    Thanks for thinking along.

    LVL 2

    Accepted Solution


    No,  the pix  can´t do that,    for do that you need a  7 layer firewall  like a proxy (isa server for example)

    Sorry  i am very  sure  in this  answer.

    Author Comment

    Thanks Parbul,

    Checked some other sites as well and they agree with you. This is something that can be performed by something like a router or such, but not a lower-layer firewall like this.


    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Suggested Solutions

    Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
    In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now