I have a PIX 515-E firewall which is giving me problems.
Inside our private network, we have a local host behind my inside interface, call it HOST-A, IP 192.168.1.2.
From the Internet, we have assigned 2 public IPs, both pointing to (NAT to) HOST-A, serving 2 different purposes:
- One public IP : 18.104.22.168 to serve HTTP traffic
- Another public IP : 22.214.171.124 to serve POP-3 traffic.
I had used a dynamic IP pool so that both public IPs are NATed to the same private IP, 192.168.1.2, at my outside interface.
However, I found that I need to create another NAT at my inside interface, i.e. 192.168.1.2 NAT to 126.96.36.199.
However, I also found that I cannot create another NAT rule for 192.168.1.2 to NAT to 188.8.131.52.
As such, our POP-3 traffic is not accessible.
Is it a limitation in the PIX firewall?
My PIX details:
Cisco PIX Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
name 184.108.40.206 IP-HTTP
name 220.127.116.11 IP-POP
name 192.168.1.2 HOST-A
access-list outside_access_in extended permit tcp any host IP-HTTP object-group WEB-SERVICES
access-list outside_access_in extended permit tcp any host IP-POP object-group TCP-POP3-IMAP
global (inside) 1 HOST-A netmask 255.255.255.255
nat (outside) 1 IP-HTTP 255.255.255.255 outside
nat (outside) 1 IP-POP 255.255.255.255 outside
static (inside,outside) IP-HTTP HOST-A netmask 255.255.255.255
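
For the setup described in the post, one arrangement that PIX 7.2 accepts is a port-specific static (static PAT) per public IP, instead of a second one-to-one static for the same inside host. This is an added example, not part of the original post; it assumes HTTP is TCP 80 (`www`) and POP-3 is TCP 110 (`pop3`), since the contents of the WEB-SERVICES and TCP-POP3-IMAP object groups are not shown.

```cisco
! Added example, not from the original post. Reuses the names IP-HTTP,
! IP-POP and HOST-A already defined in the posted configuration.

! Remove the one-to-one static: it claims HOST-A entirely for IP-HTTP,
! which is why a second static for the same real address is rejected.
no static (inside,outside) IP-HTTP HOST-A netmask 255.255.255.255

! Remove the outside dynamic NAT pair. It translates the listed addresses
! as traffic sources arriving on the outside interface; it does not
! publish HOST-A on them.
no nat (outside) 1 IP-HTTP 255.255.255.255 outside
no nat (outside) 1 IP-POP 255.255.255.255 outside
no global (inside) 1 HOST-A netmask 255.255.255.255

! One static PAT entry per public IP and service.
! Assumption: HTTP = tcp/80 (www), POP-3 = tcp/110 (pop3). Any further
! port in the object groups (for example IMAP) needs its own line.
static (inside,outside) tcp IP-HTTP www HOST-A www netmask 255.255.255.255
static (inside,outside) tcp IP-POP pop3 HOST-A pop3 netmask 255.255.255.255

! The existing outside_access_in entries still apply unchanged: they
! match the public (mapped) addresses IP-HTTP and IP-POP.

! Flush translations built from the old rules.
clear xlate
```

Because each static now maps a single port, only the published services on HOST-A are reachable through each public IP, even if an access-list entry is later widened by mistake.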