PIX with one static public IP address

arumugasamy
Level 1

Dear

I need to solve the issue below, for which I need your help.

PIX with ISA in series to the inside interface. PIX inside IP is 172.16.1.2/24 and the ISA server outside is 172.16.1.1. ISA inside goes to the internal network, where 5 servers are located that need outside access from the internet, and we need to do the mapping on the firewall for the 5 servers with 1 public IP address.

The PIX outside IP address can be used, or we have one more free IP address to use in the same /29 range. How can we map the 1 legal IP to 5 servers through the ISA server?

Please give the config sample for NAT, Global, Static and Access-list.

I will be thankful for your early response.

swami

2 Replies

hoogen_82
Level 4

Hi, I am not quite sure if this is what you are expecting; anyway, I will give my solution on this:

global (outside) 1 interface

nat (inside) 1 172.16.1.0 255.255.255.0

If the LAN of your servers is in a different LAN segment, then include this also:

nat (inside) 1 xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy

Now for the second part, your servers: e.g. if you have an FTP server inside which you want people from outside to be able to access

Your statement would be

static (inside,outside) tcp interface ftp aaa.aaa.aaa.aaa ftp netmask 255.255.255.255

Where aaa.aaa.aaa.aaa is your internal FTP IP address.

Similarly, if you need your outside people to access your internal SMTP server, your NAT would look like

static (inside,outside) tcp interface smtp bbb.bbb.bbb.bbb smtp netmask 255.255.255.255

Similarly do for your other servers.

HTH

Hoogen

Do rate helpful posts :)
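An added example, not part of the posts in this thread: with a single public address, each outside protocol/port pair can forward to only one inside host and port, and every published port also needs an inbound permit. The Python check below audits a constructed PIX-style config for both conditions; the ACL name `outside_in`, the `www`/`https` lines and the use of 172.16.1.1 as the forwarding target are assumptions made for the sample.

```python
import re

# Constructed sample config (not from the thread). Static PAT lines follow the
# form shown in the post above; ACL name and www/https entries are assumptions.
SAMPLE = """\
static (inside,outside) tcp interface ftp 172.16.1.1 ftp netmask 255.255.255.255
static (inside,outside) tcp interface smtp 172.16.1.1 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www 172.16.1.1 www netmask 255.255.255.255
static (inside,outside) tcp interface www 172.16.1.1 8080 netmask 255.255.255.255
static (inside,outside) tcp interface https 172.16.1.1 https netmask 255.255.255.255
access-list outside_in permit tcp any interface outside eq ftp
access-list outside_in permit tcp any interface outside eq smtp
access-list outside_in permit tcp any interface outside eq www
access-group outside_in in interface outside
"""

# static (real_if,mapped_if) proto global_ip global_port local_ip local_port ...
STATIC = re.compile(r"^static \(\w+,\w+\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
# Only simple "permit <proto> any <dst> eq <port>" entries are recognised.
PERMIT = re.compile(
    r"^access-list \S+ permit (tcp|udp) any (interface \w+|host \S+) eq (\S+)")

def audit(config):
    """Return (conflicts, unpermitted) for the static PAT entries in config."""
    seen, conflicts, permits = {}, [], set()
    for line in map(str.strip, config.splitlines()):
        m = STATIC.match(line)
        if m:
            proto, gip, gport, lip, lport = m.groups()
            key = (proto, gip, gport)
            if key in seen:   # same outside port claimed twice
                conflicts.append((key, seen[key], (lip, lport)))
            else:
                seen[key] = (lip, lport)
            continue
        m = PERMIT.match(line)
        if m:
            proto, dst, port = m.groups()
            # "interface outside" in the ACL pairs with "interface" in static
            gip = "interface" if dst.startswith("interface") else dst.split()[1]
            permits.add((proto, gip, port))
    unpermitted = sorted(k for k in seen if k not in permits)
    return conflicts, unpermitted

if __name__ == "__main__":
    for name, items in zip(("conflict", "no inbound permit"), audit(SAMPLE)):
        for item in items:
            print(name, item)
```

The check does not verify that the ACL is bound with `access-group`, and it compares port names literally, so `www` and `80` are treated as different ports.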

Hello,

I appreciate your help. Note that the real FTP server behind the ISA can be mapped in the firewall as you mentioned. They would like to map the interface to the ISA outside interface 172.16.1.1, which in turn passes the traffic to the real server.

Is it possible with PIX?

When I use a different legal IP than the one the outside interface of the PIX uses for the static NAT, then the internet also totally stopped, and show xlate shows the global as the static NAT IP, not the PATed IP of the outside interface.

Please help me

swami
