putting external IPs inside my network

Posted on 2009-12-23
Last Modified: 2012-05-08
Hello Experts

I have a PIX 515 firewall and a range of 10 external IPs, 83.71.24.10 - 20. If I assign, say, 83.71.24.10 to my firewall, how can I get that firewall to forward requests to the other IPs on the inside of my network? Bear in mind I will be assigning external IPs to email servers inside my network. In other words, how will my PIX know to answer requests for, say, 83.71.24.15?

thanks again
0
Question by:brucehunter
5 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26111795
0
 
LVL 6

Expert Comment

by:mohanarangam
ID: 26111829
You can also consider PAT if you want to map one external IP to multiple internal IPs.

http://www.cisco.com/en/US/docs/security/pix/pix63/quick/guide/63_515qk.html#wp47925
0
 
LVL 23

Expert Comment

by:rhandels
ID: 26111883
Hi,

To explain a bit more (as I do agree with the statements here that you need to use NAT) about how to do this:

Let's say you would like to publish a website to the outside world. Your IIS (webserver) would be listening on port 80 for incoming requests. If you would like externals to actually access that website, you need to register your website to the internet with an IP address in the external range you provided. Then, you make sure your internal webserver has a static IP address to which you can point. After that you create a static NAT rule on your PIX that points traffic from the external IP address you assigned to the internal webserver. You also tell your PIX to only listen on port 80, because that's the port your website will be listening at (or 443 if you are using https).
0
 
LVL 13

Accepted Solution

by:
Springy555 earned 1000 total points
ID: 26112036
Your PIX will have an external interface and an internal interface.

Your ISP will be routing traffic for the 10 external IPs to the router in front of your PIX. This router, if set up correctly, will forward this traffic on to the external interface of the PIX.

The internal interface of your PIX will need to be on a completely different subnet. The IP assigned to this interface is likely to be the default gateway for your internal network.

As a result you will not be able to assign one of the 10 external IP addresses to your mail server if your mail server sits inside your network, as it would need to be on the completely different internal subnet.

The only way to get this working would be to move the mail server outside of the internal network, and sit it alongside the PIX. The router would then send traffic to the mail server directly, rather than going through the PIX. The obvious disadvantage is that your mail server won't be protected.

A much better option is to configure one-to-one NAT on your PIX, which would translate one of the external IP addresses to the internal IP of your mail server, and vice versa. From the outside it would then appear you are communicating directly with your mail server using the external IP address.
0
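The one-to-one NAT described in the accepted answer, combined with the port restriction from the earlier comment, as an added example in PIX 6.3 syntax (not part of the original thread). The inside addresses 192.168.1.15 and 192.168.1.16 and the ACL name outside_in are assumptions.

```cisco
: Lines starting with a colon are comments on the PIX CLI.
: Assumed inside hosts (not from the thread):
:   mail server 192.168.1.15, web server 192.168.1.16

: One-to-one static NAT: public address first, real inside address second.
: The PIX answers ARP on the outside interface for these public addresses,
: so the upstream router delivers traffic for them to the firewall.
static (inside,outside) 83.71.24.15 192.168.1.15 netmask 255.255.255.255
static (inside,outside) 83.71.24.16 192.168.1.16 netmask 255.255.255.255

: A static alone admits nothing from outside; inbound traffic must also be
: permitted by an ACL. Permit only the service each server publishes,
: written against the PUBLIC address (PIX 6.x checks the ACL before NAT).
access-list outside_in permit tcp any host 83.71.24.15 eq smtp
access-list outside_in permit tcp any host 83.71.24.16 eq www

: Too broad, exposes every port on the mail server; avoid:
:   access-list outside_in permit ip any host 83.71.24.15

: Bind the ACL to inbound traffic on the outside interface. Only one ACL
: can be bound per interface, so if one is already applied, add the
: permit lines to that ACL instead of binding a new one.
access-group outside_in in interface outside

: Flush old translations after changing static statements, then verify.
clear xlate
show xlate
show access-list outside_in
```

The hit counters in `show access-list` confirm whether inbound SMTP and HTTP connections are matching the intended entries.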
 
LVL 5

Expert Comment

by:artoaperjan
ID: 26165052
You need to know how to configure NAT (Network Address Translation).
It is not possible to explain here how to configure NAT.

Regards
0
