02-04-2009 08:24 AM - edited 03-11-2019 07:45 AM
Hi, I have a PIX 515E and I need to configure an address pool on my external interface. I have 5 IP addresses from my ISP. I use the ASDM software.
Thank you.
02-04-2009 08:54 AM
Simply create a new pool ID in your firewall.
If your ISP gave you a /28 you then have 6 addresses, you lose one for the PIX outside interface.
Say you have 10.20.20.0/28
You can use outside to PAT, you will see a similar scenario as:
your PIX outside interface IP is 10.20.20.1/28
global (outside) 1 interface
nat (inside) 1 0 0 (this will PAT anything inside against your outside global interface IP)
Then create a pool ID, say we use pool ID 2, and use the remaining public IPs for that pool.
global (outside) 2 10.20.20.2-10.20.20.6
You may define specific inside subnets to use pool 2 instead of PAT.
Say you have inside segments 172.16.1.0/24 and 10.3.4.0/24 and want to have these subnets use your pool ID 2.
nat (inside) 2 172.16.1.0 255.255.255.0
nat (inside) 2 10.3.4.0 255.255.255.0
Everything else inside will use PAT via global (outside) 1 interface
Regards
02-04-2009 10:40 AM
Hi Jorge, thanks for answering so quickly. I have created the pool with my provider's public addresses, but none of these addresses respond to a ping from outside. The main IP (outside), however, does respond. Do I need to add some kind of rule? Also, I have to create a NAT from one of these public addresses to a private IP on my LAN; how do I do this if all the addresses are in the pool? Forgive my ignorance, and thanks in advance.
02-04-2009 11:54 AM
Translated: I have created the pool with the public IP addresses from my provider, but none of these addresses respond to pings from outside. The primary IP from (outside) does respond. Do I have to additionally create some type of rule? Besides, I have to create a NAT from one of these public addresses to a private IP in my LAN. How do I do this if all these addresses are in a pool? Sorry for my ignorance and thanks beforehand.
Hi Luis, I know you can write in English and would like it if you could write in English on this post to expand and reach the forum folks. You will have lots of help from us.
First I thought you wanted to create a pool from the remaining public IP addresses, and that is why I responded with an example. Now your requirement has changed to use those public addresses for static NAT translations.
There are many ways you can use these addresses for static NAT or port forwarding to save public IP addresses, but to keep your requirement simple let's work with a simple static one-to-one NAT and take you a step at a time.
Forget about the pool for a moment. If you need to map a public IP address to a private IP address you can accomplish this through static NAT.
This is an example:
static (inside,outside)
Then you need to create an access rule to permit traffic from outside to inside via the public IP address you have configured as in the example above.
Do you understand up to here?
Regards
PLS rate any helpful posts
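An added example (not code from the thread or from Cisco): a Python check over a PIX-style configuration that flags a nat ID with no matching global and a static-mapped address that also sits inside a dynamic pool, the situation raised in the question above. The static line with its addresses and the nat 3 line in the sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the thread's pool example, plus a hypothetical static
# (10.20.20.6 -> 172.16.1.10) that collides with pool 2 and a nat id 3
# that has no global to translate to.
SAMPLE_CONFIG = """\
global (outside) 1 interface
nat (inside) 1 0 0
global (outside) 2 10.20.20.2-10.20.20.6
nat (inside) 2 172.16.1.0 255.255.255.0
nat (inside) 2 10.3.4.0 255.255.255.0
nat (inside) 3 192.168.50.0 255.255.255.0
static (inside,outside) 10.20.20.6 172.16.1.10 netmask 255.255.255.255
"""

GLOBAL_RE = re.compile(r"^global \(\S+\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \(\S+\) (\d+) ")
# Only the one-to-one form (mapped address first, then real address).
STATIC_RE = re.compile(r"^static \(\S+\) (\d+\.\d+\.\d+\.\d+) ")


def audit(config):
    """Return findings for unmatched nat IDs and static/pool overlaps."""
    pools, nat_ids, statics = {}, set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := GLOBAL_RE.match(line):
            pools.setdefault(int(m.group(1)), []).append(m.group(2))
        elif m := NAT_RE.match(line):
            nat_ids.add(int(m.group(1)))
        elif m := STATIC_RE.match(line):
            statics.append(ipaddress.ip_address(m.group(1)))
    # nat id 0 means "do not translate", so it never needs a global.
    findings = [f"nat id {n} has no matching global" for n in sorted(nat_ids - {0} - set(pools))]
    for pool_id, specs in sorted(pools.items()):
        for spec in specs:
            if spec == "interface":
                continue  # PAT on the interface address, no range to compare
            first, _, last = spec.partition("-")
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last or first)
            for addr in statics:
                if lo <= addr <= hi:
                    findings.append(f"static {addr} overlaps global pool {pool_id} ({spec})")
    return findings
```

Shrinking the pool to 10.20.20.2-10.20.20.5 and removing the unmatched nat line makes `audit` return an empty list for the same sample.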
02-11-2009 09:03 AM
Hi all, Hi Jorge
Thank you for your help and for your answers. I have done what you said and it works. Although the public ip doesn't respond to pings, I can reach the private server from outside. I have just put the nat and the access rule and it works. Thank you.
02-11-2009 12:20 PM
Luis, thanks for posting the update and glad all worked out. Thank you for rating.
B.Regards
Jorge