Cisco Support Community

New Member

can pix do this?


1. NAT problem

For instance, the PIX's public address is 218.242.2.1 and its private IP address is 192.168.0.1/24. There is a server whose IP address is 192.168.0.100. If someone on the Internet wants to access TCP ports 2000 to 5000 of 218.242.2.1, can the PIX forward all the traffic to 192.168.0.100? If it can, how do I do this?

2. VPN problem

The structure is:

INTERNET--ROUTERA--PIX--LAN

Both the inside and outside IP addresses of the router are public addresses, and both the inside and outside IP addresses of the PIX are private addresses, but I use NAT to translate the PIX's outside IP address to a public address. Can the PIX then act as a VPN server? That is, can someone on the Internet dial in to the PIX with the Cisco VPN Client software? If so, is there any different config on the PIX or the router? If there is a RouterB or a VPN 3000 in the PIX's place, can they act as a VPN server?

Thanks

3 REPLIES
Silver

Re: can pix do this?

Hi,

1) Yes, this is possible. You have to configure this:

! FWD_PORTS is a placeholder name for the service object-group
static (inside,outside) interface 192.168.0.100 netmask 255.255.255.255
object-group service FWD_PORTS tcp-udp
 port-object range 2000 5000
access-list outside_in permit tcp any interface outside object-group FWD_PORTS

2) Yes, this is possible. See this URL for a good sample:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

Hope this helps & kind regards,

Leo

New Member

Re: can pix do this?

Thank you first!

But for the second problem, maybe you misunderstood. I mean the PIX does not have a real public IP address. A router outside the PIX has the real public address and uses NAT, which translates the PIX's outside IP address (a private IP address like 10.0.0.1) to a public IP address (such as 218.242.0.1). Then the VPN client tries to connect to 218.242.0.1. Is it possible?

Silver

Re: can pix do this?

Sorry, I indeed missed the router doing NAT.

As long as the router does a full static IP translation (1 to 1), you should be fine. If it in fact does PAT, you need some configuration on your router as well (but it can still be done).

One thing bothers me: why have you chosen such a setup?

Kind regards,

Leo
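
The two router-side cases from the last reply, as an added example that is not part of the original thread: a one-to-one static NAT for the PIX outside address, and the PAT alternative with the IKE and NAT traversal ports forwarded. The interface names are assumptions, the addresses are the ones used in the thread, and the PAT case assumes a PIX release that supports NAT traversal (6.3 or later).

```cisco
! Added example. Router A sits between the Internet and the PIX.
! Interface names are assumptions; addresses are taken from the thread.
interface FastEthernet0/0
 description Internet-facing side (assumed name)
 ip nat outside
!
interface FastEthernet0/1
 description Link to the PIX outside interface (assumed name)
 ip nat inside
!
! Case 1: full one-to-one static translation.
! Every protocol sent to 218.242.0.1, including IKE (UDP 500) and
! ESP (IP protocol 50), is translated to the PIX outside address 10.0.0.1.
ip nat inside source static 10.0.0.1 218.242.0.1
!
! Case 2 (instead of case 1): the router only does PAT on its own
! outside address. ESP has no port numbers to translate, so forward
! IKE (UDP 500) and NAT traversal (UDP 4500) to the PIX and let the
! tunnel run encapsulated in UDP. Clients then connect to the address
! of FastEthernet0/0.
ip nat inside source static udp 10.0.0.1 500 interface FastEthernet0/0 500
ip nat inside source static udp 10.0.0.1 4500 interface FastEthernet0/0 4500
!
! Case 2, on the PIX (not the router): enable NAT traversal with a
! 20-second keepalive so IPsec is carried over UDP 4500.
isakmp nat-traversal 20
```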
