putting external IPs inside my network

Posted on 2009-12-23
Last Modified: 2012-05-08
Hello Experts

I have a PIX 515 firewall and a range of 10 External IPs - 20. If I assign say to my firewall, how can I get that firewall to forward requests to the other IPs on the inside of my network? Bear in mind I will be assigning external IPs to email servers inside my network. In other words, how will my PIX know to answer requests for say

thanks again
Question by:brucehunter
    LVL 6

    Expert Comment

    You can consider PAT also if you want to map one external IP to multiple internal IPs.
    LVL 23

    Expert Comment


    To explain a bit more (as I do agree with the statements here that you need to use NAT) about how to do this.

    Let's say you would like to publish a website to the outside world. Your IIS (webserver) would be listening on port 80 for incoming requests. If you would like externals to actually access that website, you need to register your website to the internet with an IP address in the external range you provided. Then, you make sure your internal webserver has a static IP address to which you can point. After that you create a static NAT rule on your PIX that points traffic from the external IP address you assigned to the internal webserver. You also tell your PIX to only listen on port 80, because that's the port your website will be listening at (or 443 if you are using https).
    LVL 13

    Accepted Solution

    Your PIX will have an external interface, and an internal interface.  

    Your ISP will be routing traffic for the 10 external IPs to the router in front of your PIX.  This router, if set up correctly, will forward this traffic on to the external interface of the PIX.

    The internal interface of your PIX will need to be on a completely different subnet.  The IP assigned to this interface is likely to be the default gateway for your internal network.

    As a result you will not be able to assign one of the external 10 IP addresses to your mail server, if your mail server sits inside your network, as it would need to be on the completely different internal subnet.

    The only way to get this working would be to move the mail server outside of the internal network, and sit it alongside the PIX.  The router would then send traffic to the mail server directly, rather than going through the PIX.  The obvious disadvantage is that your mailserver won't be protected.

    A much better option is to configure one-to-one NAT on your PIX, which would translate one of the external IP addresses to the internal IP of your mailserver, and vice versa.  From the outside it would then appear you are communicating directly with your mail server using the external IP address.
    LVL 5

    Expert Comment

    You need to know how to configure NAT (Network Address Translation).
    It is not possible to explain here how to configure NAT.
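
The one-to-one NAT from the accepted solution, together with the port restriction and PAT mentioned in the other comments, could look like the following on a PIX. This is an added example, not part of the original thread; it assumes pre-8.3 PIX syntax, interfaces named inside and outside, and constructed addresses (203.0.113.0/28 as the external range, 192.168.1.0/24 as the internal subnet).

```cisco
! Constructed addresses: 203.0.113.x = external range, 192.168.1.x = inside.
! The ACL name outside_in is an arbitrary choice.

! One-to-one static NAT: external .10 <-> internal mail server .10
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

! Port-limited static for the web server: only TCP/80 on .11 is translated
static (inside,outside) tcp 203.0.113.11 www 192.168.1.20 www netmask 255.255.255.255

! A static alone does not admit inbound traffic; the outside ACL must permit it.
! Too broad (shown commented out): exposes every port on the mail server.
! access-list outside_in permit ip any host 203.0.113.10

! Restricted: permit only the published service on each external address.
! The ACL references the external (translated) address, not the inside one.
access-list outside_in permit tcp any host 203.0.113.10 eq smtp
access-list outside_in permit tcp any host 203.0.113.11 eq www
access-group outside_in in interface outside

! Outbound PAT for the remaining inside hosts, sharing the outside interface IP
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

! Verify translations and ACL hit counts
show xlate
show access-list outside_in
```

Anything not matched by outside_in is dropped by the implicit deny at the end of the access list, so the mail server stays behind the firewall with only SMTP reachable from outside.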

