Multiple IP's on Pix 515E

[DocHolden]

I am new to Pix and need some help.
I need to have two IP's on the external interface of the PIX. Becasue I have the same protocol needing to go to differant servers depending on what is needed. For example:

192.168.0.2 --> 10.10.0.2 protocol 80
192.168.0.3 --> 10.10.0.3 protocol 80

How do I get this to work, keeping in mind I'm using the 192.168.0.2 with PAT for internal traffic going out.

Thanks in advance.

 

[IPKONFIG]

You need a static statement in your firewall.

Example:

static (inside,outside) 192.168.0.2 10.10.0.2 255.255.255.255 0 0
static (inside,outside) 192.168.0.2 10.10.0.3 255.255.255.255 0 0

then you need to create an ACL to permit or deny traffic.

Example:

access-list 101 permit tcp host 192.168.0.2 host 10.10.0.2 eq www
access-list 101 permit tcp host 192.168.0.3 host 10.10.0.3 eq www



"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[KiscoKid]

You can only assign one public IP to a PIX's outside interface and setup port-forwarding and you can create a static NAT with your other public IP, as follows:

ip address outside 192.168.0.2 255.255.255.0
static (inside, outside) 192.168.0.3 10.10.0.3
static (inside,outside) tcp interface

http://www 10.10.0.2

http://www netmask

255.255.255.255 0 0

This will work. Similarly if you already have an outside address assigned but have acquired 2 further addresses, you can just create 2 static NAT entries as follows

ip address outside 192.168.0.1 255.255.255.0
static (inside, outside) 192.168.0.2 10.10.0.2
static (inside, outside) 192.168.0.3 10.10.0.3

 

[DocHolden]

Thanks for the help!