Solved

Forwarding traffic from mutiple external IP addresses/same port to different internal servers

Posted on 2013-11-11
6
373 Views
Last Modified: 2013-11-12
Hi,

We are currently using the PIX 515 with a broadband connection with several public IP addresses.
There is a need to have the external interface of the 515 to route traffic for two different external addresses. i.e route 212.x.x.50:80 to the webserver 192.168.1.8 and 212.x.x.51:80 to an exchange server 192.168.1.9.  

We have one physical interface to do this and I know that only one address can be assigned to the external interface. Please detail the commands necessary to accomplish this.
Thanks for any help,
0
Comment
Question by:terry_cole
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39639623
You could use something like DynDNS.org and try some "tricks".  Personally, and I know it's not what you want to hear, I would replace that with a SonicWall TZ-210 or similar.  Be done with Cisco nonsense forever.
0
 

Author Comment

by:terry_cole
ID: 39639929
Would love to go with new equipment but it is not in the clients budget.  If I did go with new equipment it would be Meraki MX series.  Very impressed with online configuration and then plug in play install.  The reporting has gotten better and better.
Ending the day dreaming, I am surprised that a CCNE didn't respond to this in their sleep.  If the unit can handled it I figured this was easy stuff...
0
 
LVL 10

Accepted Solution

by:
djcanter earned 500 total points
ID: 39639985
you are fine only having one external interface as the outside addresses are in the same subnet.  what you are looking for is static nat.  you need to create the nat and an acl.

 see below commands for reference

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) *.*.*.214 192.168.0.10 netmask 255.255.255.255
static (inside,outside) *.*.*.215 192.168.0.11 netmask 255.255.255.255
static (inside,outside) *.*.*.216 192.168.0.12 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host *.*.*.214 eq 25
access-list outside_access_in extended permit tcp any host *.*.*.215 eq 443
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 80
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 443
0
Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

 

Author Comment

by:terry_cole
ID: 39640004
See simple, create the paths then open security.  I will let the users finish their day and give it a try...
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39640021
you can also be more granular in the nat to specify the service, since you likely have other incoming connections (smtp, https) nat'ed on the primary wan ip.


static (inside,outside) tcp *.*.*.216 www 192.168.0.12 www netmask 255.255.255.255
static (inside,outside) tcp *.*.*.216 443 192.168.0.12 443 netmask 255.255.255.255
0
 

Author Closing Comment

by:terry_cole
ID: 39642471
Thank you
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
Transparency shows that a company is the kind of business that it wants people to think it is.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question