multiple web servers behind a 506E 1

[sicktrick]

If there were 4 web servers sitting behind a PIX 506E, would it be possible for the PIX to handle routing traffic to 4 different IP addresses?

 

[KiscoKid]

If all on the same subnet that the PIX's inside address resides on yes.

If any of those servers reside on a different LAN subnet to the PIX, this is not possible and you'll need a layer 3 router to route between the subnets.

 

[fs483]

I have 3 webservers behind a pix 501 with 3 different public IPs. Some webservers have more than 1 website and I use Host headers to distinguish them.

 

[KiscoKid]

That should be alright so long as the web servers real IP addresses are on the same subnet that the PIX inside address resides on. For instance, the following is ok:

ip address inside 10.1.1.254 255.255.255.0

static (inside, outside) 209.165.201.10 10.1.1.1 netmask 255.255.255.255
static (inside, outside) 209.165.201.11 10.1.1.2 netmask 255.255.255.255
static (inside, outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255

In this example, 10.1.1.0/24 is the internal LAN subnet and 209.165.201.x are the public IPs. Because the PIX and Web servers all have real addresses from the 10.1.1.0/24 subnet, the PIX can successfully route HTTP packets between the Internet and the Web servers without an itermediary router.

However the following will not work with just a PIX:

ip address inside 192.168.1.1 255.255.255.0

static (inside, outside) 209.165.201.10 10.1.1.1 netmask 255.255.255.255
static (inside, outside) 209.165.201.11 10.1.1.2 netmask 255.255.255.255
static (inside, outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255

Here the PIX resides on a different LAN subnet than the web servers and in this scenario you need a layer 3 router on the LAN. This router will then be able to route between 192.168.1.0/24 and 10.1.1.0/24 and this will allow HTTP traffic to flow between the Internet, PIX and Web servers.