PIX 501e - Secondary IP Address Support

14dallas
Level 1

I am looking at replacing a Novell Border Manager Firewall/VPN Server with a PIX 501e. My customer currently has 2 public IP Addresses - 1 for an internal publicly accessible website / internet traffic (From inside to internet and VPN Access) and 1 IP Address for MX Record and WebAccess.

Will the PIX 501e support 2 public IP Addresses (in the same subnet) on the outside interface, or will I have to use PAT with just 1 public IP Address?

TIA

2 Replies

vitripat
Level 7

You can use two public IP addresses in this scenario. Basically, one IP address will be assigned to the outside interface of the PIX, and will be used for outbound internet access and Remote Access VPNs terminating on the PIX. The same IP address can be used to access the internally hosted website. Assuming that the public IP is x and the internal IP of the webserver is y, you'll need the following commands:

static (inside,outside) tcp interface 80 y 80

access-list 101 permit tcp any interface outside eq 80

access-group 101 in interface outside

The second IP address can be used again for your Outlook webaccess server. Assuming the public IP is z and the internal IP of the webaccess server is b, the following commands will be required:

static (inside,outside) z b

access-list 101 permit tcp any host z eq 25

access-list 101 permit tcp any host z eq 443

access-list 101 permit tcp any host z eq 80

Hope that helps.

Regards,

Vibhor.

For outbound internet access, you'll need the following commands:

nat (inside) 1 0 0

global (outside) 1 interface

Regards,

Vibhor.
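
An added example, not part of the thread and not Cisco tooling: a small Python audit that reads only the command forms used in the replies above and lists which inside host and port each inbound permit actually reaches. The addresses standing in for y, z and b are constructed documentation values, and the `audit` function name is hypothetical.

```python
import re

# Constructed sample: the thread's commands with its placeholders filled in
# (y = 192.168.1.10, z = 203.0.113.11, b = 192.168.1.20; all assumed values).
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 80 192.168.1.10 80
access-list 101 permit tcp any interface outside eq 80
access-group 101 in interface outside
static (inside,outside) 203.0.113.11 192.168.1.20
access-list 101 permit tcp any host 203.0.113.11 eq 25
access-list 101 permit tcp any host 203.0.113.11 eq 443
access-list 101 permit tcp any host 203.0.113.11 eq 80
nat (inside) 1 0 0
global (outside) 1 interface
"""

PORT_STATIC = re.compile(r"static \(inside,outside\) tcp (\S+) (\d+) (\S+) (\d+)")
HOST_STATIC = re.compile(r"static \(inside,outside\) (\d\S+) (\S+)")
ACL_PERMIT = re.compile(r"access-list (\S+) permit tcp any (?:host (\S+)|(interface) outside) eq (\d+)")
ACL_BIND = re.compile(r"access-group (\S+) in interface outside")


def audit(config):
    """Return (exposed, unmatched): inbound services reachable from outside,
    and permit lines that have no static translation behind them."""
    port_map, host_map, permits, bound = {}, {}, [], set()
    for line in map(str.strip, config.splitlines()):
        if m := PORT_STATIC.fullmatch(line):
            port_map[(m[1], int(m[2]))] = (m[3], int(m[4]))
        elif m := HOST_STATIC.fullmatch(line):
            host_map[m[1]] = m[2]
        elif m := ACL_PERMIT.fullmatch(line):
            permits.append((m[1], m[2] or m[3], int(m[4])))
        elif m := ACL_BIND.fullmatch(line):
            bound.add(m[1])
    exposed, unmatched = [], []
    for acl, public, port in permits:
        if acl not in bound:
            continue  # not applied with access-group: these permits have no effect
        if (public, port) in port_map:  # port redirection: only this port is translated
            exposed.append((public, port) + port_map[(public, port)])
        elif public in host_map:  # one-to-one static: the ACL alone limits the ports
            exposed.append((public, port, host_map[public], port))
        else:
            unmatched.append((public, port))
    return exposed, unmatched
```

Each tuple in `exposed` is (public address, public port, inside host, inside port). Because the second static maps every port of z to b, access list 101 is the only thing restricting which ports on b are reachable.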
