cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
543
Views
0
Helpful
4
Replies

Global Address behind PIX515

wdalati
Level 1
Level 1

Hello

I would like to know if i can have a server having a global address residing on one of my interface (inside and DMZs). I do not want to do the static.

If this case can be done, please can you provide help. If it has any inconvenience on the working of the server or the firewall i would be more than thankful.

Thank you

4 Replies 4

bfetzer
Level 1
Level 1

Correct me if I'm wrong but you simply want a server connected possibly to one of your DMZ ports to have a LIVE outside IP rather than be NAT'd out?

ie the server simply sits on the firewall and has the address 63.x.x.x ? without being NAT'd at all?

bfetzer
Level 1
Level 1

If that is the case. Why not just bind the live IP to the outside of the PIX and forward all ports to the inside/dmz host? I dont' really see why that would be a bad thing... It protects that host.

just asking questions... tryin to help :D

rmorrow
Level 1
Level 1

You still have to do a static but instead of two seperate IP's you just type the same one twice. This fools the PIX and it translates the address back to itself. You will also need the appropriate conduits or access list to allow the services.

halleuxm
Level 1
Level 1

You can also use a "nat 0 ..." statement which allow the IP of the server to be not translated.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: