Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Load balancer connect to DMZ1

I have foundry load balancer that I am going to connect to my pix 520's dmz port.

Because, I have many VIPs that need public IP address, I was wondering if I can make multiple:

Static (dmz1, outside) commands.

(for example)

static (dmz1, outside) 204.31.17.5 10.1.1.2

static (dmz1, outside) 204.31.17.6 10.1.1.3

static (dmz1, outside) 204.31.17.7 10.1.1.4

static (dmz1, outside) 204.31.17.8 10.1.1.5

static (dmz1, outside) 204.31.17.9 10.1.1.6

conduits permit tcp host 204.31.17.5 eq www any

conduits permit tcp host 204.31.17.6 eq www any

conduits permit tcp host 204.31.17.7 eq www any

conduits permit tcp host 204.31.17.8 eq www any

conduits permit tcp host 204.31.17.9 eq www any

Probably have 50 more VIPs to add onto the pix box.

I have not run the configuration yet.

Each VIPs need one to one translation.

William

1 REPLY
New Member

Re: Load balancer connect to DMZ1

You can do it that way and it would work or you could create one static entry for all of them i.e.:

static (dmz1,outside) 204.31.17.1 10.1.1.1 netmask 255.255.255.255

This command will create a one to one static of 204.31.17.5 to 10.1.1.5

Then just create an access list for 204.31.17.1 to permit whatever ports you want to allow through.

90
Views
0
Helpful
1
Replies