Configure PIX 515 with 2 public addresses


Richard,


That's fine. If you have two public IPs available and one is being utilized by your PIX outside interface, then you can use the other IP (assuming that the 2nd IP is not for your internet-facing router) for your mail. You should have the following (below) in your PIX config. Now all traffic that goes out to the internet from your LAN will be NAT'd to one IP address (i.e. your PIX outside IP address).


ip address outside 255.255.255.x

ip address inside 255.255.255.0


global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0


route outside 0.0.0.0 0.0.0.0 1


If you now need to allow mail access to an internal mail server, you'll require an ACL and a static translation to map the outside mail traffic to your internal mail server. You can use your 'other' available public IP to achieve this, but make sure that your MX record for mail points to this IP.


access-list smtp permit tcp any host eq smtp

access-group smtp in interface outside


static (inside,outside) tcp smtp smtp netmask 255.255.255.255 0 0


All the above should be applied in configuration mode on the PIX. Make sure to save with: write mem and then issue: clear xlate


That should sort your problem out. Please rate the post if it does, as it might help others too.


Jay
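
A consistency check for the ACL and static pairing described in the reply above, as an added example that is not part of the original post. The addresses 192.0.2.10 and 10.0.0.25 are constructed placeholders, and the parser only covers the three command forms shown in the post.

```python
import re

# Constructed sample config: 192.0.2.10 (public) and 10.0.0.25 (mail server)
# are placeholder addresses, not values from the post.
SAMPLE_CONFIG = """\
access-list smtp permit tcp any host 192.0.2.10 eq smtp
access-group smtp in interface outside
static (inside,outside) tcp 192.0.2.10 smtp 10.0.0.25 smtp netmask 255.255.255.255 0 0
"""

ACL_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside$")
STATIC_RE = re.compile(
    r"^static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+) netmask 255\.255\.255\.255\b")
PORT_NAMES = {"smtp": "25"}  # treat the keyword and the number as the same port


def port(p):
    return PORT_NAMES.get(p, p)


def audit(config):
    """Return findings where an inbound permit and a static translation disagree."""
    permits, bound, statics = set(), set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            permits.add((m.group(1), m.group(2), port(m.group(3))))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))
        elif m := STATIC_RE.match(line):
            statics.add((m.group(1), port(m.group(2))))  # public IP and port
    findings = []
    for acl in sorted({name for name, _, _ in permits} - bound):
        findings.append(f"ACL {acl} is not applied to the outside interface")
    for acl, ip, prt in sorted(permits):
        if (ip, prt) not in statics:
            findings.append(f"permit to {ip} port {prt} has no static translation")
    reachable = {(ip, prt) for acl, ip, prt in permits if acl in bound}
    for ip, prt in sorted(statics - reachable):
        findings.append(f"static for {ip} port {prt} has no permit in a bound ACL")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["consistent"]:
        print(finding)
```

An empty result means every permitted destination has a matching static and every static is reachable through an ACL bound to the outside interface.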



