Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX506E - multiple IP addresses on the "outside" interface

My ISP gives me 5 public IP addresses that are advertised through a router they provided.  The router is plugged into a PIX506E firewall.  Is there a way to configure more than one public IP on the firewalls "outside" interface?  

Thank you!

J.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: PIX506E - multiple IP addresses on the "outside" interface

ph0enix wrote:

My ISP gives me 5 public IP addresses that are advertised through a router they provided.  The router is plugged into a PIX506E firewall.  Is there a way to configure more than one public IP on the firewalls "outside" interface?  

Thank you!

J.

J

You don't have to. As long as the ISP routes these addresses to your pix (and they will be doing) then you can simply use these addresses in NAT statements. So lets say one of the public IPs is 195.17.17.10 and you want to present an internal server to the outside, the internal server being 192.168.5.10. And you want to allow http to this server.

static (inside,outside) 195.17.17.10 192.168.5.10

access-list outside_in permit tcp any host 195.17.17.10 eq 80

access-group outside_in in interface outside

then anybody on the outside of the pix can connect to 195.17.17.10 on port 80 and the pix will redirect it to 192.168.5.10

Jon

5 REPLIES
Hall of Fame Super Blue

Re: PIX506E - multiple IP addresses on the "outside" interface

ph0enix wrote:

My ISP gives me 5 public IP addresses that are advertised through a router they provided.  The router is plugged into a PIX506E firewall.  Is there a way to configure more than one public IP on the firewalls "outside" interface?  

Thank you!

J.

J

You don't have to. As long as the ISP routes these addresses to your pix (and they will be doing) then you can simply use these addresses in NAT statements. So lets say one of the public IPs is 195.17.17.10 and you want to present an internal server to the outside, the internal server being 192.168.5.10. And you want to allow http to this server.

static (inside,outside) 195.17.17.10 192.168.5.10

access-list outside_in permit tcp any host 195.17.17.10 eq 80

access-group outside_in in interface outside

then anybody on the outside of the pix can connect to 195.17.17.10 on port 80 and the pix will redirect it to 192.168.5.10

Jon

New Member

Re: PIX506E - multiple IP addresses on the "outside" interface

Thank you, Jon!!!

I found this post while awaiting a reply (I know, I should have looked harder before posting):

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24540244.html

It says the same thing.  It worked like a charm!

J.

Hall of Fame Super Blue

Re: PIX506E - multiple IP addresses on the "outside" interface

No problem, glad to have helped.

Jon

New Member

Re: PIX506E - multiple IP addresses on the "outside" interface

I would like to rate you answer but I can't figure out how to do that.  The old system had a rating drop down which I'm not seeing anymore.

Hall of Fame Super Blue

Re: PIX506E - multiple IP addresses on the "outside" interface

No worries.

I think to rate you use the left hand stars in the message box at the bottom left. Takes a bit of getting used to this new site

273
Views
10
Helpful
5
Replies
CreatePlease to create content