Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
590
Views
9
Helpful
11
Replies

PIX 501... Is this possible?

homeboarder8
Level 1
Level 1

‎08-02-2007 07:19 AM - edited ‎03-11-2019 03:52 AM

Okay so here is my situation. I have 2 static public IP addresses, lets say they are 55.55.55.55 and 66.66.66.66. Each IP address is for an independent web server. Lets say SERVER_1 has local IP 11.11.11.11 and SERVER_2 has local IP 22.22.22.22. So I need to have traffic coming in on 55.55.55.55 go to 11.11.11.11 and 66.66.66.66 go to 22.22.22.22. Is this scenario possible with the PIX 501? I know it is not a router, but could I use access lists to direct the traffic securely?

Labels:
0 Helpful
11 Replies 11

pciaccio
Level 4
Level 4

‎08-02-2007 07:22 AM

Sure, use access-list like this:

access-list 101 permit ip 55.55.55.55 255.255.255.255 11.11.11.11 255.255.255.255

access-list 101 permit 66.66.66.66 255.255.255.255 22.22.22.22 255.255.255.255

Good Luck.Please rate...

acomiskey
Level 10
Level 10
In response to pciaccio

‎08-02-2007 07:25 AM

static (inside,outside) 55.55.55.55 11.11.11.11 netmask 255.255.255.255

static (inside,outside) 66.66.66.66 22.22.22.22 netmask 255.255.255.255

access-list 101 permit tcp any 55.55.55.55 255.255.255.255 eq www

access-list 101 permit tcp any 66.66.66.66 255.255.255.255 eq www

access-group 101 in interface outside

Please rate helpful posts.

acomiskey
Level 10
Level 10
In response to acomiskey

‎08-02-2007 07:28 AM

homeboarder, the first post is incorrect for what you asked for.

0 Helpful

homeboarder8
Level 1
Level 1
In response to acomiskey

‎08-02-2007 07:35 AM

Hey thanks for the responses guys.

0 Helpful

homeboarder8
Level 1
Level 1
In response to homeboarder8

‎08-02-2007 07:40 AM

acomiskey would it be possible to apply a specific IP address to an interface? For example, if i wanted the traffic from 55.55.55.55 to come through port 1...

0 Helpful

acomiskey
Level 10
Level 10
In response to homeboarder8

‎08-02-2007 07:44 AM

I'm sorry, I don't completely understand the question.

Could you rephrase it another way maybe?

0 Helpful

homeboarder8
Level 1
Level 1
In response to acomiskey

‎08-02-2007 07:49 AM

Okay, yeah I guess I asked the wrong question... is it possible apply an access list to an interface?

0 Helpful

acomiskey
Level 10
Level 10
In response to homeboarder8

‎08-02-2007 07:50 AM

Absolutely, you apply an access-list to an interface with the access-group command like I wrote in the post above.

access-group in interface

0 Helpful

homeboarder8
Level 1
Level 1
In response to acomiskey

‎08-02-2007 07:53 AM

Also, in your first post, shouldn't it be

static (inside,outside) 11.11.11.11 55.55.55.55 netmask 255.255.255.255

rather than...

static (inside,outside) 55.55.55.55 11.11.11.11 netmask 255.255.255.255

since 11.11.11.11 is the local (inside) IP?

0 Helpful

acomiskey
Level 10
Level 10
In response to homeboarder8

‎08-02-2007 07:56 AM

Nope. I have it right.

Don't look at it as inside,outside then inside.ip, outside.ip. It's actually reversed.

0 Helpful

homeboarder8
Level 1
Level 1
In response to acomiskey

‎08-02-2007 07:57 AM

Okay great.

Thanks acomiskey

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card