Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501... Is this possible?

Okay so here is my situation. I have 2 static public IP addresses, lets say they are 55.55.55.55 and 66.66.66.66. Each IP address is for an independent web server. Lets say SERVER_1 has local IP 11.11.11.11 and SERVER_2 has local IP 22.22.22.22. So I need to have traffic coming in on 55.55.55.55 go to 11.11.11.11 and 66.66.66.66 go to 22.22.22.22. Is this scenario possible with the PIX 501? I know it is not a router, but could I use access lists to direct the traffic securely?

11 REPLIES
Silver

Re: PIX 501... Is this possible?

Sure, use access-list like this:

access-list 101 permit ip 55.55.55.55 255.255.255.255 11.11.11.11 255.255.255.255

access-list 101 permit 66.66.66.66 255.255.255.255 22.22.22.22 255.255.255.255

Good Luck.Please rate...

Green

Re: PIX 501... Is this possible?

static (inside,outside) 55.55.55.55 11.11.11.11 netmask 255.255.255.255

static (inside,outside) 66.66.66.66 22.22.22.22 netmask 255.255.255.255

access-list 101 permit tcp any 55.55.55.55 255.255.255.255 eq www

access-list 101 permit tcp any 66.66.66.66 255.255.255.255 eq www

access-group 101 in interface outside

Please rate helpful posts.

Green

Re: PIX 501... Is this possible?

homeboarder, the first post is incorrect for what you asked for.

New Member

Re: PIX 501... Is this possible?

Hey thanks for the responses guys.

New Member

Re: PIX 501... Is this possible?

acomiskey would it be possible to apply a specific IP address to an interface? For example, if i wanted the traffic from 55.55.55.55 to come through port 1...

Green

Re: PIX 501... Is this possible?

I'm sorry, I don't completely understand the question.

Could you rephrase it another way maybe?

New Member

Re: PIX 501... Is this possible?

Okay, yeah I guess I asked the wrong question... is it possible apply an access list to an interface?

Green

Re: PIX 501... Is this possible?

Absolutely, you apply an access-list to an interface with the access-group command like I wrote in the post above.

access-group in interface

New Member

Re: PIX 501... Is this possible?

Also, in your first post, shouldn't it be

static (inside,outside) 11.11.11.11 55.55.55.55 netmask 255.255.255.255

rather than...

static (inside,outside) 55.55.55.55 11.11.11.11 netmask 255.255.255.255

since 11.11.11.11 is the local (inside) IP?

Green

Re: PIX 501... Is this possible?

Nope. I have it right.

Don't look at it as inside,outside then inside.ip, outside.ip. It's actually reversed.

New Member

Re: PIX 501... Is this possible?

Okay great.

Thanks acomiskey

133
Views
9
Helpful
11
Replies
CreatePlease login to create content