Monitor your entire network from a single platform. Free 30 Day Trial Now!
configure pix 506e for multiple external interfaces
Hello,
I have a time warner biz modem with 5 static ip addresses.
currently i have one outside ip defined, and static routes from this ip to various
places on the internal network - everything works fine. I have installed a DVR/camera system, and want to use an additonal ip address from my static range provided by time warner.
ip address outside xxx.xxx.xxx.50 (current setting)
I would like to add xxx.xxx.xxx.51 and set a static route, nat, etc to 192.168.1.200, using
various ports like www, 5920, etc. my global setting is : global (outside) 1 interface.
How can I do this???
Thanks,
eholz_one
I have a time warner biz modem with 5 static ip addresses.
currently i have one outside ip defined, and static routes from this ip to various
places on the internal network - everything works fine. I have installed a DVR/camera system, and want to use an additonal ip address from my static range provided by time warner.
ip address outside xxx.xxx.xxx.50 (current setting)
I would like to add xxx.xxx.xxx.51 and set a static route, nat, etc to 192.168.1.200, using
various ports like www, 5920, etc. my global setting is : global (outside) 1 interface.
How can I do this???
Thanks,
eholz_one
Who is Participating?
If I understand correctly you are looking for 1to1 NAT.
Please look at this link:
http://serverfault.com/questions/382705/configuring-pix-506-with-nat-for-multiple-public-addresses
Please look at this link:
http://serverfault.com/questions/382705/configuring-pix-506-with-nat-for-multiple-public-addresses
Hello Again,
No luck, pix fw version is 6.3 (4), and does not accept the "extended" word in the command line!
ouch,
eholz_one
No luck, pix fw version is 6.3 (4), and does not accept the "extended" word in the command line!
ouch,
eholz_one
Have you tried without extended (format posted in link)?
access-list outside_access_in permit tcp any host <IP address> eq port
access-list outside_access_in permit tcp any host <IP address> eq port
Yes, I have tried this. It does not work, but it may not be the pix settings.
I will have to get with timewarner to verify we really have 4 more functional external ip addresses!!
thanks for the help
I will have to get with timewarner to verify we really have 4 more functional external ip addresses!!
thanks for the help
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
static (inside,outside) xxx.xxx.xxx.51 192.168.1.200 netmask 255.255.255.255
access-list inbound extended permit tcp any host xxx.xxx.xxx.51 eq 5920
access-list inbound extended permit tcp any host xxx.xxx.xxx.51 eq www
access-group inbound in interface outside
Note: This assumes you do NOT have an inbound ACL (Issue a show acess-group command to find out), if you do it will say access-group {name} in interface outside, Simply replace the word inbound above for the name of yours and DONT issue the command that starts access-group.