05-07-2007 10:18 AM - edited 03-11-2019 03:10 AM
I am looking at replacing a Novell Border Manager Firewall/VPN Server with a PIX 501e. My customer currently has 2 public IP Addresses - 1 for an internal publicly accessible website / internet traffic (From inside to internet and VPN Access) and 1 IP Address for MX Record and WebAccess.
Will the PIX 501e support 2 public IP Addresses (In the same subnet) on the outside interface, or will I have to use PAT with just 1 public IP Address?
TIA
05-07-2007 10:29 AM
You can use two public IP addresses in this scenario. Basically, one IP address will be assigned to the outside interface of the PIX, and will be used for outbound internet access and Remote Access VPNs terminating on the PIX. The same IP address can be used to access the internally hosted website. Assuming that the public IP is x and the internal IP of the webserver is y, you'll need the following commands:
static (inside,outside) tcp interface 80 y 80
access-list 101 permit tcp any interface outside eq 80
access-group 101 in interface outside
The second IP address can be used for your Outlook Web Access server. Assuming the public IP is z and the internal IP of the webaccess server is b, the following commands will be required:
static (inside,outside) z b
access-list 101 permit tcp any host z eq 25
access-list 101 permit tcp any host z eq 443
access-list 101 permit tcp any host z eq 80
Hope that helps.
Regards,
Vibhor.
05-07-2007 10:30 AM
For outbound internet access, you'll need the following commands:
nat (inside) 1 0 0
global (outside) 1 interface
Regards,
Vibhor.
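Added example, not part of the original posts: a Python check that reads the `static`, `access-list` and `access-group` lines from the replies above and lists which inside host and port each inbound permit actually reaches. The addresses standing in for y, z and b, the extra 203.0.113.12 rule and the function name `inbound_exposure` are constructed for illustration.

```python
import re

# Constructed sample: the commands from the replies, with the placeholders
# y, z and b replaced by documentation addresses (assumed values). The
# 203.0.113.12 line is an extra constructed rule with no matching static.
CONFIG = """\
static (inside,outside) tcp interface 80 192.168.1.10 80
static (inside,outside) 203.0.113.11 192.168.1.20
access-list 101 permit tcp any interface outside eq 80
access-list 101 permit tcp any host 203.0.113.11 eq 25
access-list 101 permit tcp any host 203.0.113.11 eq 443
access-list 101 permit tcp any host 203.0.113.11 eq 80
access-list 101 permit tcp any host 203.0.113.12 eq 22
access-group 101 in interface outside
"""

PORT_STATIC = re.compile(r"^static \(inside,outside\) tcp (\S+) (\d+) (\S+) (\d+)$")
HOST_STATIC = re.compile(r"^static \(inside,outside\) (\S+) (\S+)$")
PERMIT = re.compile(
    r"^access-list (\S+) permit tcp any (?:host (\S+)|interface outside) eq (\d+)$")
BOUND = re.compile(r"^access-group (\S+) in interface outside$")

def inbound_exposure(config):
    """Return (reachable, unmatched) for ACLs bound inbound on outside."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    port_map, host_map, bound = {}, {}, set()
    for line in lines:
        if m := PORT_STATIC.match(line):
            port_map[(m[1], int(m[2]))] = (m[3], int(m[4]))
        elif m := HOST_STATIC.match(line):
            host_map[m[1]] = m[2]
        elif m := BOUND.match(line):
            bound.add(m[1])
    reachable, unmatched = [], []
    for line in lines:
        m = PERMIT.match(line)
        if not m or m[1] not in bound:
            continue  # skip other lines and ACLs never applied with access-group
        dest, port = m[2] or "interface", int(m[3])
        if (dest, port) in port_map:      # port redirect on the interface IP
            reachable.append((dest, port, *port_map[(dest, port)]))
        elif dest in host_map:            # one-to-one static: port unchanged
            reachable.append((dest, port, host_map[dest], port))
        else:                             # permit with no translation behind it
            unmatched.append((dest, port))
    return reachable, unmatched
```

Calling `inbound_exposure(CONFIG)` returns the list of reachable (public, port, inside host, inside port) tuples and the list of permits that have no static translation behind them.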