Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX with one static public IP address


I need to solve the below issue for which i need ur help

PIX with ISA in series to the inside interface .PIX inside ip and the ISA server outside ISA inside goes to the internal network where 5 servers are located to give outside access from internet and we need to do the mapping on the firewall for the 5 servers with 1 public ip address.

The pix outside ip address can be used or we have one more free ip address to use in the same /29 range.How can we map the 1 legal ip to 5 servers thro ISA server.

Please give the config sample for both NAT,Global and Static and Access-list.

I will be thankful for ur early response



Re: PIX with one static public IP address

Hi I am quite not sure if this is what you are expecting, anyway i will give my solution on this,

global(outside) 1 interface

nat(inside) 1

If your LAN of the servers are in different lan segment then include this also

nat(inside) 1 yyy.yyy.yyy.yyy

Now for the second part of your servers, for eg if you have a ftp server inside which you want to give people from outside to access your internal ftp

Your statement would be

static (inside,outside) tcp interface ftp ftp netmask

Where is your internal ftp ip address

Similarly if you need your outside people to access your internal smtp server your nat would look like

static (inside,outside) tcp interface smtp bbb.bbb.bbb.bbb smtp netmask

Similarly do for your other servers.



Do rate helpful posts :)

New Member

Re: PIX with one static public IP address


I appreciate for ur help. Note that the real ftp server behind the ISA can be mapped in firewall as u mentioned. They like to map the inteface to the ISA ouside interface that inturn pass the traffic to the real server.

Is it possible with pix.

When i use different legal ip than the one outside interface of the PIX use for the static NAT then the internet also toyally stopped and the show xlate shows global as the static NAT ip not the PATed ip of the outside interface.

Please help me


CreatePlease to create content