PIX 501e - Secondary IP Address Support

May 7th, 2007

I am looking at replacing a Novell Border Manager Firewall/VPN Server with a PIX 501e. My customer currently has 2 public IP Addresses - 1 for an internal publicly accessible website / internet traffic (From inside to internet and VPN Access) and 1 IP Address for MX Record and WebAccess.


Will the PIX 501e support 2 public IP Addresses (In the same subnet) on the outside interface, or will I have to use PAT with just 1 public IP Address?


TIA

vitripat Mon, 05/07/2007 - 10:29

You can use two public IP addresses in this scenario. Basically, one IP address will be assigned to the outside interface of PIX, and will be used for outbound internet access and Remote Access VPNs terminating on PIX. Same IP address can be used to access internally hosted website. Assuming that public IP is x and internal IP of webserver is y, you'll need the following commands:


static (inside,outside) tcp interface 80 y 80

access-list 101 permit tcp any interface outside eq 80

access-group 101 in interface outside


Second IP address can be used again for your Outlook Web Access server. Assuming public IP is z and internal IP of webaccess server is b, the following commands will be required:


static (inside,outside) z b

access-list 101 permit tcp any host z eq 25

access-list 101 permit tcp any host z eq 443

access-list 101 permit tcp any host z eq 80


Hope that helps.


Regards,

Vibhor.

vitripat Mon, 05/07/2007 - 10:30

For outbound internet access, you'll need the following commands:


nat (inside) 1 0 0

global (outside) 1 interface


Regards,

Vibhor.
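
An added example, not part of the thread and not a Cisco tool: a small Python check that reads the commands from the two replies above and reports which TCP ports each public address ends up exposing, flagging permits without a translation and translations without a permit. The addresses substituted for x, y, z and b are constructed documentation values, and the parser only understands the command forms used in this thread.

```python
import re

# Constructed sample: the thread's commands with assumed documentation
# addresses in place of its placeholders (x = outside interface,
# y = 192.168.1.10, z = 203.0.113.11, b = 192.168.1.20).
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 80 192.168.1.10 80
static (inside,outside) 203.0.113.11 192.168.1.20
access-list 101 permit tcp any interface outside eq 80
access-list 101 permit tcp any host 203.0.113.11 eq 25
access-list 101 permit tcp any host 203.0.113.11 eq 443
access-list 101 permit tcp any host 203.0.113.11 eq 80
access-group 101 in interface outside
nat (inside) 1 0 0
global (outside) 1 interface
"""

STATIC_PAT = re.compile(r"^static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+)")
STATIC_NAT = re.compile(r"^static \(inside,outside\) (\S+) (\S+)$")
ACL = re.compile(r"^access-list (\S+) permit tcp any (?:host (\S+)|interface outside) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface outside")


def audit(config):
    """Return (exposed, findings); exposed maps public address -> permitted ports."""
    statics, permits, bound = {}, [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_PAT.match(line):
            statics.setdefault(m[1], set()).add(m[2])  # port redirect: one port only
        elif m := STATIC_NAT.match(line):
            statics[m[1]] = None                       # one-to-one: every port translated
        elif m := ACL.match(line):
            permits.append((m[1], m[2] or "interface", m[3]))
        elif m := GROUP.match(line):
            bound.add(m[1])
    exposed, findings = {}, []
    for acl, dest, port in permits:
        if acl not in bound:
            findings.append(f"access-list {acl} is not bound with access-group: {dest}:{port}")
        elif dest not in statics:
            findings.append(f"permit for {dest}:{port} has no static translation")
        elif statics[dest] is not None and port not in statics[dest]:
            findings.append(f"permit for {dest}:{port} has no matching port redirect")
        else:
            exposed.setdefault(dest, []).append(port)
    for dest in statics:
        if dest not in exposed:
            findings.append(f"static for {dest} has no inbound permit")
    return exposed, findings
```

Because `static (inside,outside) z b` translates every port, access-list 101 is the only thing limiting what reaches the webaccess server; the report makes that list explicit.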

