  • Status: Solved

Forwarding traffic from multiple external IP addresses/same port to different internal servers

Hi,

We are currently using the PIX 515 with a broadband connection with several public IP addresses.
There is a need to have the external interface of the 515 route traffic for two different external addresses, i.e. route 212.x.x.50:80 to the webserver 192.168.1.8 and 212.x.x.51:80 to an Exchange server 192.168.1.9.

We have one physical interface to do this and I know that only one address can be assigned to the external interface. Please detail the commands necessary to accomplish this.
Thanks for any help,
0
terry_cole
Asked:
 
FutureTechSysDOTcom Commented:
You could use something like DynDNS.org and try some "tricks".  Personally, and I know it's not what you want to hear, I would replace that with a SonicWall TZ-210 or similar.  Be done with Cisco nonsense forever.
0
 
terry_cole (Author) Commented:
Would love to go with new equipment but it is not in the client's budget.  If I did go with new equipment it would be Meraki MX series.  Very impressed with online configuration and then plug and play install.  The reporting has gotten better and better.
Ending the daydreaming, I am surprised that a CCNE didn't respond to this in their sleep.  If the unit can handle it I figured this was easy stuff...
0
 
djcanter Commented:
You are fine only having one external interface, as the outside addresses are in the same subnet. What you are looking for is static NAT. You need to create the NAT and an ACL.

See the commands below for reference:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) *.*.*.214 192.168.0.10 netmask 255.255.255.255
static (inside,outside) *.*.*.215 192.168.0.11 netmask 255.255.255.255
static (inside,outside) *.*.*.216 192.168.0.12 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host *.*.*.214 eq 25
access-list outside_access_in extended permit tcp any host *.*.*.215 eq 443
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 80
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 443
0
 
terry_cole (Author) Commented:
See simple, create the paths then open security.  I will let the users finish their day and give it a try...
0
 
djcanter Commented:
You can also be more granular in the NAT to specify the service, since you likely have other incoming connections (SMTP, HTTPS) NAT'ed on the primary WAN IP.


static (inside,outside) tcp *.*.*.216 www 192.168.0.12 www netmask 255.255.255.255
static (inside,outside) tcp *.*.*.216 443 192.168.0.12 443 netmask 255.255.255.255
0
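Added example (not part of the thread, and not Cisco's code): a small Python check that the two halves described above, the `static` translations and the `outside_access_in` permits, agree with each other before the change goes live. The 203.0.113.x addresses are constructed stand-ins for the masked public IPs, `audit` and `port` are hypothetical names, and only the `static` and `access-list` forms shown in this thread are parsed.

```python
import re

# Constructed sample: 203.0.113.x stands in for the thread's masked public IPs.
SAMPLE = """
static (inside,outside) tcp 203.0.113.50 www 192.168.1.8 www netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.51 www 192.168.1.9 www netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.51 443 192.168.1.9 443 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 203.0.113.50 eq 80
access-list outside_access_in extended permit tcp any host 203.0.113.51 eq www
access-list outside_access_in extended permit tcp any host 203.0.113.52 eq 25
"""

PORT_NAMES = {"www": 80, "https": 443, "smtp": 25}  # keywords used in this example
STATIC_RE = re.compile(r"^static \(inside,outside\) "
                       r"(?:tcp (\S+) (\S+) (\S+) \S+|(\S+) (\S+)) netmask")
ACL_RE = re.compile(r"^access-list \S+ extended permit tcp any host (\S+) eq (\S+)")

def port(token):
    """Turn a port keyword or number from the config into an int."""
    return int(token) if token.isdigit() else PORT_NAMES[token]

def audit(config):
    """Hypothetical helper: compare static translations with ACL permits.

    Returns (reachable, orphan_permits, unopened_statics):
      reachable        {(public_ip, port): inside_ip} permit backed by a static
      orphan_permits   permitted (public_ip, port) with no translation behind it
      unopened_statics port-specific statics that no ACL entry opens
    """
    one_to_one, per_port, permits = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            if m.group(1):                      # static (inside,outside) tcp ...
                per_port[(m.group(1), port(m.group(2)))] = m.group(3)
            else:                               # whole-address static
                one_to_one[m.group(4)] = m.group(5)
        elif m := ACL_RE.match(line):
            permits.append((m.group(1), port(m.group(2))))
    reachable, orphans = {}, []
    for key in permits:
        inside = per_port.get(key) or one_to_one.get(key[0])
        if inside:
            reachable[key] = inside
        else:
            orphans.append(key)
    unopened = sorted(k for k in per_port if k not in permits)
    return reachable, orphans, unopened

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An orphan permit is an ACL entry for an address nothing is translated behind; an unopened static is a translation whose traffic is still dropped at the outside ACL.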
 
terry_cole (Author) Commented:
Thank you
0
