I have two websites hosted on one server inside. Currently I have a static NAT from a public address to an internal address for one of the websites, but if I want to statically NAT the IP address for a second website, it says that there is an overlap and it can't do it.
Our old firewall did this fine, and I was wondering how I can get my PIX to forward port 80 from two public IPs to one private IP. Can the PIX do this?
No, the PIX cannot do this (and you cannot configure it as you've seen). The problem we run into is on the outbound connections. If you have two translations built for an internal server on port 80, how does the PIX know which global address to translate the source address to? Address A or Address B? If we translate the response to an address that the client did not use when sending the initial packet, he is going to discard the response based on the fact that he got a response from someone that he didn't send anything to. You will need to configure your web servers to listen on different ports (80 and 8080 as an example) and then build your statics like this:
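Added example, not part of the original answer: a sketch of port-level statics of the kind described above, in pre-8.3 PIX syntax. The addresses (192.0.2.10 and 192.0.2.11 public, 10.1.1.10 inside) and the ACL name `outside_in` are constructed placeholders, and the second site is assumed to listen on 8080 on the server.

```cisco
: Constructed values: 192.0.2.10 and 192.0.2.11 are the two public addresses,
: 10.1.1.10 is the inside web server, outside_in is a hypothetical ACL name.

: Rejected as overlapping: two whole-address statics to the same inside host
: static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
: static (inside,outside) 192.0.2.11 10.1.1.10 netmask 255.255.255.255

: Port-level statics: port 80 on each public address maps to a distinct
: port on the server, so every return packet has exactly one translation
static (inside,outside) tcp 192.0.2.10 80 10.1.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.11 80 10.1.1.10 8080 netmask 255.255.255.255

: Permit only HTTP to the two public addresses. Pre-8.3 ACLs match the
: public (translated) address and port, so both entries use port 80.
: If an ACL is already applied to the outside interface, add the entries
: to that ACL instead of applying a new one.
access-list outside_in permit tcp any host 192.0.2.10 eq 80
access-list outside_in permit tcp any host 192.0.2.11 eq 80
access-group outside_in in interface outside
```

Because only TCP port 80 is translated on each public address, no other service on the server becomes reachable from outside through these statics.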