Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
1
Replies

Can I do this with NAT?

jhaggett
Level 1
Level 1

‎12-15-2003 10:07 AM - edited ‎03-09-2019 05:52 AM

I have two websites hosting on one server inside. Currently I have a static NAT from a public address to an internal address for one of the websites, but, if I want to statically nat the ip address for a second website, it says that there is an overlapp and it can't do it.

Our old firewall did this fine, and I was wondering how I can get my PIX to forward port 80 from two public ip's to one private ip. Can the pix do this?

Thanks!

Labels:
0 Helpful
1 Reply 1

scoclayton
Level 7
Level 7

‎12-15-2003 11:22 AM

Hi,

No, the PIX cannot do this (and you cannot configure it as you've seen). The problem we run into is on the outbound connections. If you have two translations built for an internal server on port 80, how does the PIX know which global address to translate the source address to? Address A or Address B? If we translate the response to an address that the client did not use when sending the initial packet, he is going to discard the response based on the fact that he got a response from someone that he didn't send anything to. You will need to configure your web servers to listen on different ports (80 and 8080 as an example) and then build your statics like this:

static (inside,outside) tcp host 1.1.1.1 80 host 10.1.1.1 80

static (inside,outside) tcp host 1.1.1.2 8080 host 10.1.1.1 8080

Hope this helps.

Scott

0 Helpful
Customers Also Viewed These Support Documents