Solved

Forwarding traffic from mutiple external IP addresses/same port to different internal servers

Posted on 2013-11-11
6
370 Views
Last Modified: 2013-11-12
Hi,

We are currently using the PIX 515 with a broadband connection with several public IP addresses.
There is a need to have the external interface of the 515 to route traffic for two different external addresses. i.e route 212.x.x.50:80 to the webserver 192.168.1.8 and 212.x.x.51:80 to an exchange server 192.168.1.9.  

We have one physical interface to do this and I know that only one address can be assigned to the external interface. Please detail the commands necessary to accomplish this.
Thanks for any help,
0
Comment
Question by:terry_cole
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39639623
You could use something like DynDNS.org and try some "tricks".  Personally, and I know it's not what you want to hear, I would replace that with a SonicWall TZ-210 or similar.  Be done with Cisco nonsense forever.
0
 

Author Comment

by:terry_cole
ID: 39639929
Would love to go with new equipment but it is not in the clients budget.  If I did go with new equipment it would be Meraki MX series.  Very impressed with online configuration and then plug in play install.  The reporting has gotten better and better.
Ending the day dreaming, I am surprised that a CCNE didn't respond to this in their sleep.  If the unit can handled it I figured this was easy stuff...
0
 
LVL 10

Accepted Solution

by:
djcanter earned 500 total points
ID: 39639985
you are fine only having one external interface as the outside addresses are in the same subnet.  what you are looking for is static nat.  you need to create the nat and an acl.

 see below commands for reference

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) *.*.*.214 192.168.0.10 netmask 255.255.255.255
static (inside,outside) *.*.*.215 192.168.0.11 netmask 255.255.255.255
static (inside,outside) *.*.*.216 192.168.0.12 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host *.*.*.214 eq 25
access-list outside_access_in extended permit tcp any host *.*.*.215 eq 443
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 80
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 443
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:terry_cole
ID: 39640004
See simple, create the paths then open security.  I will let the users finish their day and give it a try...
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39640021
you can also be more granular in the nat to specify the service, since you likely have other incoming connections (smtp, https) nat'ed on the primary wan ip.


static (inside,outside) tcp *.*.*.216 www 192.168.0.12 www netmask 255.255.255.255
static (inside,outside) tcp *.*.*.216 443 192.168.0.12 443 netmask 255.255.255.255
0
 

Author Closing Comment

by:terry_cole
ID: 39642471
Thank you
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Networking/NAT rules 4 36
VLAN Tag for chained network device. 11 71
network + video series 4 71
IPv6 and IPv4 Subnetting scheme 4 48
Setting up SSH Cisco We are all told that you should not use Telent for connecting to devices because it is unsecure and all clear text. Much better is to use SSH, but it can seem a bit of a challenge setting it all up and especially in a small n…
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question