Solved

Forwarding traffic from mutiple external IP addresses/same port to different internal servers

Posted on 2013-11-11
6
358 Views
Last Modified: 2013-11-12
Hi,

We are currently using the PIX 515 with a broadband connection with several public IP addresses.
There is a need to have the external interface of the 515 to route traffic for two different external addresses. i.e route 212.x.x.50:80 to the webserver 192.168.1.8 and 212.x.x.51:80 to an exchange server 192.168.1.9.  

We have one physical interface to do this and I know that only one address can be assigned to the external interface. Please detail the commands necessary to accomplish this.
Thanks for any help,
0
Comment
Question by:terry_cole
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39639623
You could use something like DynDNS.org and try some "tricks".  Personally, and I know it's not what you want to hear, I would replace that with a SonicWall TZ-210 or similar.  Be done with Cisco nonsense forever.
0
 

Author Comment

by:terry_cole
ID: 39639929
Would love to go with new equipment but it is not in the clients budget.  If I did go with new equipment it would be Meraki MX series.  Very impressed with online configuration and then plug in play install.  The reporting has gotten better and better.
Ending the day dreaming, I am surprised that a CCNE didn't respond to this in their sleep.  If the unit can handled it I figured this was easy stuff...
0
 
LVL 10

Accepted Solution

by:
djcanter earned 500 total points
ID: 39639985
you are fine only having one external interface as the outside addresses are in the same subnet.  what you are looking for is static nat.  you need to create the nat and an acl.

 see below commands for reference

nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) *.*.*.214 192.168.0.10 netmask 255.255.255.255
static (inside,outside) *.*.*.215 192.168.0.11 netmask 255.255.255.255
static (inside,outside) *.*.*.216 192.168.0.12 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host *.*.*.214 eq 25
access-list outside_access_in extended permit tcp any host *.*.*.215 eq 443
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 80
access-list outside_access_in extended permit tcp any host *.*.*.216 eq 443
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:terry_cole
ID: 39640004
See simple, create the paths then open security.  I will let the users finish their day and give it a try...
0
 
LVL 10

Expert Comment

by:djcanter
ID: 39640021
you can also be more granular in the nat to specify the service, since you likely have other incoming connections (smtp, https) nat'ed on the primary wan ip.


static (inside,outside) tcp *.*.*.216 www 192.168.0.12 www netmask 255.255.255.255
static (inside,outside) tcp *.*.*.216 443 192.168.0.12 443 netmask 255.255.255.255
0
 

Author Closing Comment

by:terry_cole
ID: 39642471
Thank you
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I was at a customer and we recently set up a new DNS Server.  I asked him to ensure that all servers pointed to the new server.  140 remote servers – estimated 6 days of work to do this manually. Ever had this experience and just need to get the …
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now