pix 506E inbound connection

[JEFF11]

Hi,

I spent those last days trying to setup inbound connections on my PIX 506 without success.

Here is my configuration:

ISP router: 72.73.74.78
PIX outside interface: 72.73.74.73 255.255.248
PIX inside interface: 192.168.10.207 255.255.255.0

I use the pix as a gateway for all my workstations/servers in my inside network (allowing every machines to have Internet access).

Here is the list of command I used to enable my outbound access:

nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface
route outside 0 0 72.73.74.78 1

Now what I want to achieve:

I have a web server in my inside network (192.168.10.230) which I want to be accessible from internet (2 ports needs to be accessible: 80 and 87). I want internet users to access my web server using

http://72.73.74.73

and

http://72.73.74.73:87.

72.73.74.73 is the address of my outside interface and also our public address on the Internet.

Any help will be greatly appreciated.

Regards,

Jeff.

 

[JEFF11]

My ISP gave me a range of public IPs but I am able to intercept only the traffic of the one I setup on my outside interface (.233). Although they said all IPs are addressed to my network, the traffic of the .234 doesn't reach my pix. They said I should the setup the range of public IPs on the pix but I havn't found out how to do this... I initially thought setting up my outside interface as x.x.x.233 255.255.255.248 would work but it made no difference at all...

Jeff.

 

[ChrisAC]

All of your public range should be routed to your router that connects to the Pix. What's on 81.80.41.238? Is that your router?

So you have 81.80.41.232 /29 yes? (France Telecom?)

Tracing to your IP, everything hits your router and so will also hit your firewall.

<snip>
12 P12-0.LONCR3.London.opentransit.net (193.251.242.169) 13.046 ms 11.643 ms 13.323 ms
13 P7-0.PASCR3.Pastourelle.opentransit.net (193.251.242.17) 20.554 ms 20.106 ms 20.191 ms
14 P9-0.PASCR1.Pastourelle.opentransit.net (193.251.129.61) 19.919 ms 20.395 ms 20.320 ms
15 pos15-0.ntsta202.Paris.francetelecom.net (193.251.126.57) 20.302 ms 20.436 ms 20.814 ms
16 pos13-3.nrsta104.Paris.francetelecom.net (193.252.103.49) 20.420 ms 21.058 ms 21.443 ms
17 pos0-1-0-0.ncidf104.Paris.francetelecom.net (193.252.159.33) 20.420 ms 21.207 ms 20.320 ms
18 POS-4-0.CLBG2.Charlebourg.raei.francetelecom.net (193.253.14.210) 20.417 ms 20.326 ms 20.572 ms
19 81.52.14.134 (81.52.14.134) 20.530 ms 21.667 ms 20.567 ms
20 81.80.41.238 (81.80.41.238) 26.044 ms 27.481 ms 24.567 ms

To use those IP addresses instead of port forwarding you just use a static without the ports.

static (inside,outside) 81.80.41.235 192.168.10.230 netmask 255.255.255.255
static (inside,outside) 81.80.41.236 192.168.10.231 netmask 255.255.255.255

access-list inbound permit tcp any host 81.80.41.235 eq 80
access-list inbound permit tcp any host 81.80.41.236 eq 80

etc..

Once the Pix is configured with an external IP address with the correct netmask (255.255.255.248) then it knows that it handles IP addresses within this range and therefore will NAT for any address within your assigned range.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[JEFF11]

Thanks Chris, I'll give it a go.

Jeff

 

[LloydSev]

Are you running a DNS Server on the inside of your network?

All you have to do is setup an A Record for

http://www pointing

to the private IP and you should have no problems.

Computer/Network Technician
CCNA