Solved

Forwarding traffic from multiple external IP addresses/same port to different internal servers

Posted on 2013-11-11
Last Modified: 2013-11-12
Hi,

We are currently using the PIX 515 with a broadband connection with several public IP addresses.
There is a need to have the external interface of the 515 route traffic for two different external addresses, i.e., route 212.x.x.50:80 to the web server 192.168.1.8 and 212.x.x.51:80 to an Exchange server 192.168.1.9.

We have one physical interface to do this and I know that only one address can be assigned to the external interface. Please detail the commands necessary to accomplish this.
Thanks for any help,
0
Question by:terry_cole
6 Comments
 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39639623
You could use something like DynDNS.org and try some "tricks".  Personally, and I know it's not what you want to hear, I would replace that with a SonicWall TZ-210 or similar.  Be done with Cisco nonsense forever.
0
 

Author Comment

by:terry_cole
ID: 39639929
Would love to go with new equipment but it is not in the client's budget.  If I did go with new equipment it would be Meraki MX series.  Very impressed with online configuration and then plug-and-play install.  The reporting has gotten better and better.
Ending the daydreaming, I am surprised that a CCNE didn't respond to this in their sleep.  If the unit can handle it I figured this was easy stuff...
0
 
LVL 10

Accepted Solution

by:
djcanter earned 2000 total points
ID: 39639985
You are fine only having one external interface, as the outside addresses are in the same subnet.  What you are looking for is static NAT.  You need to create the NAT and an ACL.

See the commands below for reference:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) *.*.*.214 192.168.0.10 netmask 255.255.255.255
static (inside,outside) *.*.*.215 192.168.0.11 netmask 255.255.255.255
static (inside,outside) *.*.*.216 192.168.0.12 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host *.*.*.214 eq 25
access-list outside_access_in extended permit tcp any host *.*.*.215 eq 443
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 80
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 443
0
 

Author Comment

by:terry_cole
ID: 39640004
See simple, create the paths then open security.  I will let the users finish their day and give it a try...
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39640021
You can also be more granular in the NAT to specify the service, since you likely have other incoming connections (SMTP, HTTPS) NAT'ed on the primary WAN IP.


static (inside,outside) tcp *.*.*.216 www 192.168.0.12 www netmask 255.255.255.255
static (inside,outside) tcp *.*.*.216 443 192.168.0.12 443 netmask 255.255.255.255
0
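
Added example (not part of the thread and not code from any poster): a small Python check that cross-references the `static` translations and `outside_access_in` permits in the two forms shown above (one-to-one and port-specific), flagging ACL permits that have no translation and port forwards the ACL does not permit. The 203.0.113.x addresses, the sample config and the function names are constructed for illustration, and the parser only understands the command forms that appear on this page.

```python
import re

# PIX service-name literals used on this page, mapped to port numbers
PORTS = {"www": 80, "https": 443, "smtp": 25}
STATIC = re.compile(r"static \(inside,outside\) "
                    r"(?:(tcp|udp) (\S+) (\S+) (\S+) (\S+)|(\S+) (\S+)) netmask")
PERMIT = re.compile(r"access-list \S+ extended permit (tcp|udp) any host (\S+) eq (\S+)")

def port(tok):
    return PORTS.get(tok) or int(tok)

def audit(config):
    """Cross-check static translations against inbound ACL permits."""
    host_nat, port_nat, permits = {}, {}, set()
    for line in config.splitlines():
        s, p = STATIC.match(line.strip()), PERMIT.match(line.strip())
        if s and s.group(1):   # port-specific: tcp GLOBAL PORT LOCAL PORT
            port_nat[(s.group(2), s.group(1), port(s.group(3)))] = s.group(4)
        elif s:                # one-to-one: GLOBAL LOCAL (every port is translated)
            host_nat[s.group(6)] = s.group(7)
        elif p:
            permits.add((p.group(2), p.group(1), port(p.group(3))))
    findings = []
    for ip, proto, num in sorted(permits):
        if ip not in host_nat and (ip, proto, num) not in port_nat:
            findings.append(f"permit {ip} {proto}/{num}: no static translation")
    for ip, proto, num in sorted(port_nat):
        if (ip, proto, num) not in permits:
            findings.append(f"static {ip} {proto}/{num}: forwarded but not permitted")
    for ip in sorted(host_nat):
        if not any(pip == ip for pip, _, _ in permits):
            findings.append(f"static {ip}: one-to-one NAT with no inbound permit")
    return findings

# Constructed sample config (documentation address range, not from the thread)
SAMPLE = """
static (inside,outside) 203.0.113.214 192.168.0.10 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.216 www 192.168.0.12 www netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.216 443 192.168.0.12 443 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 203.0.113.214 eq 25
access-list outside_access_in extended permit tcp any host 203.0.113.216 eq 80
access-list outside_access_in extended permit tcp any host 203.0.113.215 eq 443
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With a one-to-one static, the ACL is the only thing limiting which ports reach the internal host, so a mistyped address in either list is worth catching before the change goes live.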
 

Author Closing Comment

by:terry_cole
ID: 39642471
Thank you
0
