02-25-2008 05:31 AM - edited 03-11-2019 05:08 AM
Hi,
Right, the setup is a PIX 501 with one outside IP. Let's say 213.213.213.213.
What needs to be done is to allow an external company access (on IP 10.10.10.10) to 3 computers (192.168.1.1-192.168.1.3) on port 80. For remote access.
Now as far as I know I can only allow access from this external ip address to 1 of the computers as I only have one external IP (the firewall interface) and therefore only one port 80. As in these three lines of config:
access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq www
static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255 0 0
access-group services in interface outside
In conclusion, there is no way I can allow access to the other two internal IPs 192.168.1.2 or .3 from the external company IP 10.10.10.10.
All I need to know is if I am incorrect or if there is another way round it without more external IPs.
Many thanks for reading,
Daniel.
02-25-2008 05:38 AM
You are correct unless you use ports other than 80 for the other 2 servers like this...
static (inside,outside) tcp interface 8080 192.168.1.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8081 192.168.1.3 www netmask 255.255.255.255 0 0
02-25-2008 05:49 AM
Thanks for the help guys. Just to summarise:
I have now got three entries:
static (inside,outside) tcp interface www 192.168.2.101 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 81 192.168.2.102 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 82 192.168.2.103 www netmask 255.255.255.255 0 0
The remote company should now be able to access all three. Just for info, they are using GoToMyPC.
Thanks Again.
02-25-2008 05:41 AM
Hi Daniel
You are correct. The only way round this is if you could run the web service on 3 different ports so that you could set up 3 different static entries for it, i.e.
static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 81 192.168.1.1 81 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 82 192.168.1.1 82 netmask 255.255.255.255 0 0
Then the users at the other end would connect as
Jon
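An added example, not part of any post in this thread: the access-list quoted in the question permits only `eq www` to the outside address, so each extra outside port forwarded by a static entry also needs its own permit, ideally still limited to the remote company's host. The Python sketch below checks that pairing; it parses only the statement forms quoted on this page, and the names `audit`, `SAMPLE` and `FIXED` are hypothetical.

```python
import re

# Constructed sample: the question's ACL plus the first reply's static entries.
SAMPLE = """
access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq www
static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8080 192.168.1.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8081 192.168.1.3 www netmask 255.255.255.255 0 0
access-group services in interface outside
"""
# Same config with permits added for the two extra outside ports.
FIXED = SAMPLE + """
access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq 8080
access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq 8081
"""
PORT_NAMES = {"www": 80}  # only the named port used on this page
STATIC_RE = re.compile(r"^static \(inside,outside\) tcp interface (\S+) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) permit tcp (any|host \S+) host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def audit(config, outside_ip):
    """Return (outside_port, inside_ip, inside_port, finding) per static entry."""
    lines = [line.strip() for line in config.splitlines()]
    # ACL names actually applied inbound on the outside interface
    bound = {m.group(1) for line in lines if (m := GROUP_RE.match(line))}
    permits = {}  # outside port -> sources allowed to reach it
    for line in lines:
        m = ACL_RE.match(line)
        if m and m.group(1) in bound and m.group(3) == outside_ip:
            permits.setdefault(port(m.group(4)), []).append(m.group(2))
    report = []
    for line in lines:
        m = STATIC_RE.match(line)
        if not m:
            continue
        sources = permits.get(port(m.group(1)), [])
        if not sources:
            finding = "blocked: no ACL permit for this port"
        elif "any" in sources:
            finding = "exposed: permitted from any source"
        else:
            finding = "ok: " + ", ".join(sources)
        report.append((port(m.group(1)), m.group(2), port(m.group(3)), finding))
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE, "213.213.213.213"), *audit(FIXED, "213.213.213.213"), sep="\n")
```

Run against `SAMPLE`, only the port 80 entry is reported as reachable from 10.10.10.10; `FIXED` reports all three as ok.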