11-28-2008 01:50 PM - edited 03-11-2019 07:19 AM
Hello,
Has anyone come across a solution where a customer is trying to map 1 public IP to many internal private IP's?
Thanks.
11-28-2008 02:41 PM
Marlon
This is called port forwarding and is quite common. The main restriction is you need to be using different ports so
static (inside,outside) tcp 195.166.77.1 25 192.168.5.10 25 netmask 255.255.255.255
static (inside,outside) tcp 195.166.77.1 80 192.168.5.11 80 netmask 255.255.255.255
is a perfectly valid configuration where any traffic received on the outside interface of your firewall going to
195.166.77.1 destination port 25 will be sent to 192.168.5.10 port 25
195.166.77.1 destination port 80 will be sent to 192.168.5.11 port 80
but what you can't do is
static (inside,outside) tcp 195.166.77.1 25 192.168.5.10 25 netmask 255.255.255.255
static (inside,outside) tcp 195.166.77.1 25 192.168.5.11 25 netmask 255.255.255.255
where you map the same public IP address and port number to 2 different private IP addresses.
Jon
11-28-2008 02:49 PM
Jon,
Thanks for the quick reply. In this case its web services with SSL certificate, so TCP port 443 is what I would be using for port forwarding, but it wont work as I know you can't map the same public IP to more than 1 private IP using the same port number.
11-28-2008 03:55 PM
solution is a very simple one. You can:
1- get more than 1 static IP addresses
2- put a load balancer such as F5 BigIP so
that the External users only see 1 public
IP but it is load-balance by the BigIP to
multiple servers internally,
3- get a ISA server for reverse-proxy,
Either way, you can not map the same public
IP to more than a private IP on the same
port.
You can get 5 static IPs from Verizon for
like $20/month.
11-28-2008 04:00 PM
Thanks for the quick reply.
Option 1 and 2 is no go, however, option number 3 looks interesting. I will look into option 3 further.
Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: