ZaheerF
asked on
Can you static NAT a single public IP to two inside IPs using PIX 6.2 OS?
I would like to add a new service in addition to the one currently running. I cannot use the same server and IP since the system is in production and cannot be taken down. I want to run the service on a new box with a new inside IP. The problem is I do not have a spare public IP to map to this new service. Can I use the public IP used by the old service and statically NAT it to two inside IPs? My PIX OS is 6.2.
ASKER
Do you mean that I have static NAT like the following?
Static (Inside,outside) tcp
static (inside,outside) tcp 211.10.10.10 192.168.1.50 netmask 255.255.255.255 0 0 eq 9201
static (inside,outside) tcp 211.10.10.10 192.168.1.51 netmask 255.255.255.255 0 0 eq 9211
Like mapping a single public IP to two private IPs, each on different ports.
Can I do this?
ASKER
Sorry, I mistyped the commands. It should be like the following.
static (inside,outside) tcp 211.10.10.10 9201 192.168.1.50 4001 netmask 255.255.255.255 0 0
static (inside,outside) tcp 211.10.10.10 9202 192.168.1.51 4002 netmask 255.255.255.255 0 0
ASKER CERTIFIED SOLUTION
I have ssh mapped to port 4000 on the outside and switching back to 23 on the inside.
static (inside,outside) tcp interface 4000 10.0.0.8 ssh netmask 255.255.255.255
You would then need to allow the external port on the access list. In this case, tcp 4000.
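
The following is an added example, not part of the original thread: a small Python audit of PIX static port-redirect lines that flags two redirects claiming the same public IP and port, and lists redirects with no matching permit line. The ACL name "outside_in" and the single ACL line in the sample are assumptions; only the "permit ... any host <ip> eq <port>" form is recognised.

```python
import re
from collections import defaultdict

# Constructed sample: the two corrected redirects from the thread plus one
# access-list line (the ACL name "outside_in" is an assumption).
SAMPLE = """\
static (inside,outside) tcp 211.10.10.10 9201 192.168.1.50 4001 netmask 255.255.255.255 0 0
static (inside,outside) tcp 211.10.10.10 9202 192.168.1.51 4002 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 211.10.10.10 eq 9201
"""

# Ports may be numbers or names (e.g. ssh) but never contain dots.
STATIC_RE = re.compile(
    r"^static \(\S+,\S+\) (tcp|udp) (interface|[\d.]+) ([\w-]+) "
    r"([\d.]+) ([\w-]+)\s", re.I)
ACL_RE = re.compile(
    r"^access-list \S+ permit (tcp|udp) any host ([\d.]+) eq ([\w-]+)\s*$", re.I)

def parse_statics(config):
    """Return one dict per well-formed port-redirect static line."""
    out = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, gip, gport, lip, lport = m.groups()
            out.append({"proto": proto.lower(), "global": (gip, gport),
                        "local": (lip, lport)})
    return out

def audit(config):
    """Return (conflicting global sockets, redirects with no permit line)."""
    by_global = defaultdict(list)
    for s in parse_statics(config):
        by_global[(s["proto"],) + s["global"]].append(s["local"])
    conflicts = {k: v for k, v in by_global.items() if len(set(v)) > 1}
    permitted = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            proto, host, port = m.groups()
            permitted.add((proto.lower(), host, port))
    unpermitted = sorted(k for k in by_global if k not in permitted)
    return conflicts, unpermitted

if __name__ == "__main__":
    conflicts, unpermitted = audit(SAMPLE)
    print("conflicting global sockets:", conflicts)
    print("redirects with no permit line:", unpermitted)
```

Lines in the first, mistyped form from the thread (no port after the public IP) are not matched by the parser, so they show up as missing redirects rather than being silently misread.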