05-21-2007 12:03 AM - edited 03-11-2019 03:17 AM
Dear
I need to solve the issue below, for which I need your help.
PIX with ISA in series to the inside interface. PIX inside IP 172.16.1.2/24 and the ISA server outside 172.16.1.1. ISA inside goes to the internal network, where 5 servers are located to give outside access from the internet, and we need to do the mapping on the firewall for the 5 servers with 1 public IP address.
The PIX outside IP address can be used, or we have one more free IP address to use in the same /29 range. How can we map the 1 legal IP to 5 servers through the ISA server?
Please give the config sample for NAT, Global, Static and Access-list.
I will be thankful for your early response.
swami
05-21-2007 01:53 AM
Hi, I am not quite sure if this is what you are expecting; anyway, I will give my solution on this:
global (outside) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0
If the LAN of your servers is in a different LAN segment, then include this also:
nat (inside) 1 xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
Now for the second part, your servers: for example, if you have an FTP server inside which you want people from outside to be able to access,
your statement would be
static (inside,outside) tcp interface ftp aaa.aaa.aaa.aaa ftp netmask 255.255.255.255
where aaa.aaa.aaa.aaa is your internal FTP IP address.
Similarly, if you need your outside people to access your internal SMTP server, your NAT would look like
static (inside,outside) tcp interface smtp bbb.bbb.bbb.bbb smtp netmask 255.255.255.255
Similarly do for your other servers.
HTH
Hoogen
Do rate helpful posts :)
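Added example, not part of the original posts: a PIX 6.x-style configuration that combines the static PAT from the reply above with the access-list the question asked for, forwarding every published port to the ISA outside address 172.16.1.1. The five services (ftp, smtp, www, https, pop3) and the ACL name outside_in are assumptions, and the ISA server is assumed to publish each service onward to the real server.

```cisco
: Added example (PIX 6.x syntax). Service list and ACL name are assumptions.

: Outbound PAT for the segment between the PIX and the ISA server.
global (outside) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0

: Static PAT: one public address (the PIX outside interface), one TCP port
: per published service, all pointing at the ISA outside address.
static (inside,outside) tcp interface ftp 172.16.1.1 ftp netmask 255.255.255.255
static (inside,outside) tcp interface smtp 172.16.1.1 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www 172.16.1.1 www netmask 255.255.255.255
static (inside,outside) tcp interface https 172.16.1.1 https netmask 255.255.255.255
static (inside,outside) tcp interface pop3 172.16.1.1 pop3 netmask 255.255.255.255

: Inbound ACL: permit only the forwarded ports. Anything not listed
: is dropped by the implicit deny at the end of the list.
access-list outside_in permit tcp any interface outside eq ftp
access-list outside_in permit tcp any interface outside eq smtp
access-list outside_in permit tcp any interface outside eq www
access-list outside_in permit tcp any interface outside eq https
access-list outside_in permit tcp any interface outside eq pop3
access-group outside_in in interface outside

: Flush existing translations after changing nat, global or static.
clear xlate
```

To publish on the spare /29 address instead, replace `interface` in the static lines with that address and `interface outside` in the ACL lines with `host` followed by the same address.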
05-24-2007 12:13 AM
Hello,
I appreciate your help. Note that the real FTP server behind the ISA can be mapped in the firewall as you mentioned. They would like to map the interface to the ISA outside interface 172.16.1.1, which in turn passes the traffic to the real server.
Is it possible with PIX?
When I use a different legal IP than the one the outside interface of the PIX uses for the static NAT, then the internet also totally stopped, and show xlate shows the global as the static NAT IP, not the PATed IP of the outside interface.
Please help me
swami