PIX506E - multiple IP addresses on the "outside" interface

ph0enix
Level 1

My ISP gives me 5 public IP addresses that are advertised through a router they provided. The router is plugged into a PIX506E firewall. Is there a way to configure more than one public IP on the firewall's "outside" interface?

Thank you!

J.

Accepted Solutions

Jon Marshall
Hall of Fame

ph0enix wrote:

My ISP gives me 5 public IP addresses that are advertised through a router they provided. The router is plugged into a PIX506E firewall. Is there a way to configure more than one public IP on the firewall's "outside" interface?

Thank you!

J.

J

You don't have to. As long as the ISP routes these addresses to your pix (and they will be doing) then you can simply use these addresses in NAT statements. So let's say one of the public IPs is 195.17.17.10 and you want to present an internal server to the outside, the internal server being 192.168.5.10. And you want to allow http to this server.

static (inside,outside) 195.17.17.10 192.168.5.10

access-list outside_in permit tcp any host 195.17.17.10 eq 80

access-group outside_in in interface outside

Then anybody on the outside of the pix can connect to 195.17.17.10 on port 80 and the pix will redirect it to 192.168.5.10.

Jon
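
Added example, not part of the original post or any Cisco tooling: a small Python audit of the static / access-list / access-group pattern shown in the answer above. It reports, for each statically mapped public IP, which ports the ACL bound to the outside interface actually permits. The sample config is constructed, and the 195.17.17.11 and 195.17.17.12 entries and the `dmz_in` ACL name are assumptions added to show an over-broad permit and an ACL that is never bound.

```python
import re
from collections import defaultdict

# Constructed sample config in the syntax used in the answer above; the
# .11 and .12 mappings are invented here to show the failure cases.
SAMPLE_CONFIG = """\
static (inside,outside) 195.17.17.10 192.168.5.10
static (inside,outside) 195.17.17.11 192.168.5.11
static (inside,outside) 195.17.17.12 192.168.5.12
access-list outside_in permit tcp any host 195.17.17.10 eq 80
access-list outside_in permit ip any host 195.17.17.11
access-list dmz_in permit tcp any host 195.17.17.12 eq 25
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"^static \(inside,outside\) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp|ip) any host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")


def audit(config: str) -> dict:
    """Map each static public IP to (inside IP, exposure seen from outside)."""
    statics, permits, bound = {}, defaultdict(list), set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)
        elif m := ACL_RE.match(line):
            acl, proto, dst, port = m.groups()
            permits[(acl, dst)].append(
                "ALL" if proto == "ip" else f"{proto}/{port or 'any'}")
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))  # only ACLs bound to outside take effect

    report = {}
    for public, inside in statics.items():
        exposure = [p for (acl, dst), ports in permits.items()
                    if acl in bound and dst == public for p in ports]
        if "ALL" in exposure:
            exposure = ["ALL"]  # every port of the inside host is reachable
        report[public] = (inside, sorted(exposure) or ["NONE"])
    return report


if __name__ == "__main__":
    for public, (inside, exposure) in audit(SAMPLE_CONFIG).items():
        print(f"{public} -> {inside}: {', '.join(exposure)}")
```

The parser only understands the three line shapes used in this thread (`any` source, `host` destination, optional `eq`); other ACL forms are ignored rather than evaluated.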

Thank you, Jon!!!

I found this post while awaiting a reply (I know, I should have looked harder before posting):

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24540244.html

It says the same thing.  It worked like a charm!

J.

No problem, glad to have helped.

Jon

I would like to rate your answer but I can't figure out how to do that. The old system had a rating drop down which I'm not seeing anymore.

No worries.

I think to rate you use the left hand stars in the message box at the bottom left. Takes a bit of getting used to this new site.