PIX 501 with multiple outside IPs defined for web traffic forwarding
Is it possible to define a second publicly accessible IP on a PIX 501 in an access list + static route (out to in) to forward web server traffic to a NATed host on the inside? Basically, a client currently uses a Linux IPCOP firewall with a DMZ interface to forward 80/443 traffic to a web server with a non-routable address. They want to put a PIX 501 unit in to act as a gateway for internal hosts as well as act as a VPN endpoint (to peer with a 501 unit at a different location), but they don't want to lose the web server access functionality. Now, the 501 doesn't have a 2nd interface (DMZ). What I'm looking to achieve is to be able to configure the PIX 501 thus:
1) Outside address (this is the VPN endpoint address and the global PAT address for internal clients breaking out onto the internet)
2) 2nd address defined in access list:
! permit inbound web traffic to the second public IP only
access-list out_in permit tcp any host <2nd public IP> eq 80
access-list out_in permit tcp any host <2nd public IP> eq 443
static (inside,outside) <second public IP> <internal host> netmask 255.255.255.255 0 0
! bind the ACL to the outside interface
access-group out_in in interface outside
Has anyone managed to get this to work, or is this solution a no-goer with a 501?
Re: PIX 501 with multiple outside IPs defined for web traffic f
I thought it might be possible but didn't want to recommend this solution to the client and for it to not work... I think it would have been more prudent to deploy a firewall with a second interface, but I may be able to sell them this idea...
Aye, the second public IP I will be assigning to the unit is in the same subnet as the first. It's an ADSL circuit that has 2-3 IPs routed to it, and the current IPCOP server certainly listens out for more than two IPs hitting the external network and then does the forwarding to the respective NATed segments behind it...