
Pix Question

Status
Not open for further replies.

tek777

Technical User
Nov 6, 2001
99
US
I want to buy a PIX. My network has many public IPs that I need to map on the firewall to internal web servers (one-to-one NAT). Does the 501 do this the same as the 515? According to the Cisco Press PIX book, they didn't mention a difference in the way they handle the transactions. I currently have a Checkpoint 4 device that does proxy-ARP; someone else told me that to do the same thing the Nokia device is doing, I would need a 515. Can someone shed some light on how this works? I do not have a router; the ISP just gives us the IPs to the Internet. Thanks. P.S. I have also read doing proxy-ARP is not so secure, because you can spoof the ARP entry. I am not sure what Cisco calls the feature of proxy ARP.
 
The PIX 501 has almost the same features as a PIX 515. However, it has no support for failover, but it has support for almost every other feature. The difference is in the amount of traffic they can handle and the performance of the device itself. As far as translations and ACLs go, they work exactly the same.
 
OK. I just wanted to make sure; I just ordered a 501 PIX. The command I want to do is called setting up a static translation table, which is a bunch of public IP addresses, and then I'm going to translate them to the according private addresses for web servers. If anyone has a 501 and can verify this can work on multiple public IP addresses, that would be cool. If not, I can wait until I get my 501.

Thanks.
 
static (inside, outside) <public-ip> <private-ip> netmask 255.255.255.255

access-list <acl-name> permit tcp any host <public-ip> eq <port>
access-group <acl-name> in interface outside

Those are the commands you need and make sure you have one ACL entry for every public server.
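
An added example, not part of the thread: a small Python check over a PIX-style config that pairs each one-to-one static with the permit entries in the ACL bound to the outside interface, so a server that has a translation but no permit (or a permit aimed at an address with no translation) shows up. The addresses are constructed documentation addresses and the ACL name outside_in is hypothetical; only the three command forms shown above are parsed.

```python
import re

# Constructed sample config: RFC 5737 addresses, hypothetical ACL name "outside_in".
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255
static (inside,outside) 192.0.2.11 10.0.0.11 netmask 255.255.255.255
static (inside,outside) 192.0.2.12 10.0.0.12 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq 80
access-list outside_in permit tcp any host 192.0.2.11 eq 443
access-list outside_in permit tcp any host 192.0.2.99 eq 80
access-group outside_in in interface outside
"""

# Host-to-host (255.255.255.255) statics only; whitespace inside the parentheses is tolerated.
STATIC_RE = re.compile(
    r"^static\s+\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)\s+netmask\s+255\.255\.255\.255$")
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\S+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")

def audit(config, outside="outside"):
    """Cross-check static translations against the ACL applied inbound on `outside`."""
    statics = {}   # public IP -> private IP
    permits = {}   # ACL name -> {public IP -> [ports]}
    bound = None   # ACL named by access-group on the outside interface
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            if m.group(2) == outside:
                statics[m.group(3)] = m.group(4)
        elif m := ACL_RE.match(line):
            permits.setdefault(m.group(1), {}).setdefault(m.group(2), []).append(m.group(3))
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside:
                bound = m.group(1)
    allowed = permits.get(bound, {})   # empty when no ACL is bound
    return {
        "bound_acl": bound,
        "published": {ip: (statics[ip], allowed[ip]) for ip in statics if ip in allowed},
        "static_without_acl": sorted(ip for ip in statics if ip not in allowed),
        "acl_without_static": sorted(ip for ip in allowed if ip not in statics),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(key, value)
```
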
 