Cisco Support Community
New Member

Global Address behind PIX515

Hello

I would like to know if I can have a server having a global address residing on one of my interfaces (inside and DMZs). I do not want to do the static.

If this case can be done, please can you provide help. If it has any inconvenience on the working of the server or the firewall, I would be more than thankful.

Thank you

4 REPLIES
New Member

Re: Global Address behind PIX515

Correct me if I'm wrong but you simply want a server connected possibly to one of your DMZ ports to have a LIVE outside IP rather than be NAT'd out?

i.e. the server simply sits on the firewall and has the address 63.x.x.x, without being NAT'd at all?

New Member

Re: Global Address behind PIX515

If that is the case, why not just bind the live IP to the outside of the PIX and forward all ports to the inside/DMZ host? I don't really see why that would be a bad thing... It protects that host.

just asking questions... tryin to help :D

New Member

Re: Global Address behind PIX515

You still have to do a static, but instead of two separate IPs you just type the same one twice. This fools the PIX and it translates the address back to itself. You will also need the appropriate conduits or access list to allow the services.

New Member

Re: Global Address behind PIX515

You can also use a "nat 0 ..." statement, which allows the IP of the server to not be translated.

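The two approaches from the last two replies (an identity static, and "nat 0"), written out as PIX 6.x-style configuration. This is an added example, not part of the original thread; the address 203.0.113.10 (documentation range), the interface name dmz, the ACL names and the permitted service are assumptions.

```cisco
! Added example. Constructed values: 203.0.113.10 stands in for the
! server's global address; "dmz", "dmz_nonat" and "outside_in" are
! hypothetical names. Use ONE of the options below, not all of them.
!
! Option 1: identity static (the same address typed twice).
! The PIX translates the address back to itself, and connections
! can be opened toward the server from the outside.
static (dmz,outside) 203.0.113.10 203.0.113.10 netmask 255.255.255.255
!
! Option 2a: plain nat 0 for the host.
! The untranslated entry is built only when the server itself
! sends traffic, so this suits outbound-initiated connections.
nat (dmz) 0 203.0.113.10 255.255.255.255
!
! Option 2b: nat 0 with an access list (NAT exemption).
! Exempts the host in both directions.
access-list dmz_nonat permit ip host 203.0.113.10 any
nat (dmz) 0 access-list dmz_nonat
!
! With any option, the server is still behind the firewall policy:
! only what is permitted here reaches it from the outside, and
! everything else hits the implicit deny at the end of the list.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
```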