New Member

PAT Translation impossibility query.

Hi,

Right, the setup is a PIX 501 with one outside IP. Let's say 213.213.213.213.

What needs to be done is to allow an external company (on IP 10.10.10.10) access to 3 computers (192.168.1.1-192.168.1.3) on port 80, for remote access.

Now as far as I know I can only allow access from this external ip address to 1 of the computers as I only have one external IP (the firewall interface) and therefore only one port 80. As in these three lines of config:

access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq www

static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255 0 0

access-group services in interface outside

In conclusion, there is no way I can allow access to the other two internal IPs, 192.168.1.2 or .3, from the external company IP 10.10.10.10.

All I need to know is if I am incorrect or if there is another way round it without more external IPs.

Many thanks for reading,

Daniel.

3 REPLIES
Green

Re: PAT Translation impossibility query.

You are correct unless you use ports other than 80 for the other 2 servers like this...

static (inside,outside) tcp interface 8080 192.168.1.2 www netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 8081 192.168.1.3 www netmask 255.255.255.255 0 0

New Member

Re: PAT Translation impossibility query.

Thanks for the help guys. Just to summarise:

I have now got three entries:

static (inside,outside) tcp interface www 192.168.2.101 www netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 81 192.168.2.102 www netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 82 192.168.2.103 www netmask 255.255.255.255 0 0

The remote company should now be able to access all three. Just for info, they are using GoToMyPC.

Thanks Again.

Hall of Fame Super Blue

Re: PAT Translation impossibility query.

Hi Daniel

You are correct. The only way round this is if you could run the web service on 3 different ports so that you could set up 3 different static entries for it, i.e.

static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 81 192.168.1.1 81 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 82 192.168.1.1 82 netmask 255.255.255.255 0 0

Then the users at the other end would connect as

http://213.213.213.213

http://213.213.213.213:81

http://213.213.213.213:82

Jon
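
Added example, not part of the original thread: a small Python check that every static PAT forward has a matching permit in the ACL bound to the outside interface, and that none of them is open to `any` source. The sample config is constructed from lines quoted in the thread; the function and variable names are hypothetical.

```python
import re

PORT_NAMES = {"www": 80, "https": 443}  # PIX port keywords (subset)

# Constructed sample: the three static PAT entries summarised in the thread
# plus the single ACL line and access-group from the original question.
SAMPLE_CONFIG = """\
access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq www
static (inside,outside) tcp interface www 192.168.2.101 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 81 192.168.2.102 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 82 192.168.2.103 www netmask 255.255.255.255 0 0
access-group services in interface outside
"""

STATIC_RE = re.compile(r"^static \(inside,outside\) tcp interface (\S+) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) permit tcp (host \S+|any|\S+ \S+) "
    r"(host \S+|any|interface \S+|\S+ \S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")

def port(tok):
    """Translate a PIX port keyword or number to an int."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit(config):
    """Return (forwards lacking an ACL permit, forwarded ports open to any source).

    Simplification: only 'eq <port>' permits are read, and the ACL
    destination is assumed to be the outside interface address.
    """
    forwards, acl, bound = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            forwards[port(m.group(1))] = (m.group(2), port(m.group(3)))
        elif m := ACL_RE.match(line):
            acl.append((m.group(1), m.group(2), port(m.group(4))))
        elif m := GROUP_RE.match(line):
            bound = m.group(1)
    # Only the ACL applied inbound on the outside interface counts.
    permitted = {p for name, _, p in acl if name == bound}
    any_src = {p for name, src, p in acl if name == bound and src == "any"}
    missing = {p: dst for p, dst in forwards.items() if p not in permitted}
    return missing, sorted(any_src & forwards.keys())

if __name__ == "__main__":
    missing, open_any = audit(SAMPLE_CONFIG)
    print("forwards with no permit:", missing)
    print("forwards open to any source:", open_any)
```

On the constructed sample, outside ports 81 and 82 are reported as having no permit, because the only ACL line covers `www`; one `access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq <port>` line per added port clears the report while keeping access limited to the external company's address.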
