08-02-2007 07:19 AM - edited 03-11-2019 03:52 AM
Okay so here is my situation. I have 2 static public IP addresses, lets say they are 55.55.55.55 and 66.66.66.66. Each IP address is for an independent web server. Lets say SERVER_1 has local IP 11.11.11.11 and SERVER_2 has local IP 22.22.22.22. So I need to have traffic coming in on 55.55.55.55 go to 11.11.11.11 and 66.66.66.66 go to 22.22.22.22. Is this scenario possible with the PIX 501? I know it is not a router, but could I use access lists to direct the traffic securely?
08-02-2007 07:22 AM
Sure, use access-list like this:
access-list 101 permit ip 55.55.55.55 255.255.255.255 11.11.11.11 255.255.255.255
access-list 101 permit 66.66.66.66 255.255.255.255 22.22.22.22 255.255.255.255
Good Luck.Please rate...
08-02-2007 07:25 AM
static (inside,outside) 55.55.55.55 11.11.11.11 netmask 255.255.255.255
static (inside,outside) 66.66.66.66 22.22.22.22 netmask 255.255.255.255
access-list 101 permit tcp any 55.55.55.55 255.255.255.255 eq www
access-list 101 permit tcp any 66.66.66.66 255.255.255.255 eq www
access-group 101 in interface outside
Please rate helpful posts.
08-02-2007 07:28 AM
homeboarder, the first post is incorrect for what you asked for.
08-02-2007 07:35 AM
Hey thanks for the responses guys.
08-02-2007 07:40 AM
acomiskey would it be possible to apply a specific IP address to an interface? For example, if i wanted the traffic from 55.55.55.55 to come through port 1...
08-02-2007 07:44 AM
I'm sorry, I don't completely understand the question.
Could you rephrase it another way maybe?
08-02-2007 07:49 AM
Okay, yeah I guess I asked the wrong question... is it possible apply an access list to an interface?
08-02-2007 07:50 AM
Absolutely, you apply an access-list to an interface with the access-group command like I wrote in the post above.
access-group
08-02-2007 07:53 AM
Also, in your first post, shouldn't it be
static (inside,outside) 11.11.11.11 55.55.55.55 netmask 255.255.255.255
rather than...
static (inside,outside) 55.55.55.55 11.11.11.11 netmask 255.255.255.255
since 11.11.11.11 is the local (inside) IP?
08-02-2007 07:56 AM
Nope. I have it right.
Don't look at it as inside,outside then inside.ip, outside.ip. It's actually reversed.
08-02-2007 07:57 AM
Okay great.
Thanks acomiskey
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide