I have a pix501 that I'm trying to set up for my business.
1. My internet service comes with 5 static IP's. Can I bind all these IP's to the outside (global) interface.
2. I have services (web, exchange, vpn) that I have to forward to be accessible to the outside. From my understanding of it your global address is what people on the outside will see. Does that add yet another layer of ip protection (ex. internally I am 192.168.1.2 outgoing my ip looks like 10.1.1.2, and is sent out the interface 126.96.36.199), or do my global addy's have to be my ISP assigned IP(s)?
1. sure. you can use one for the outside interface, and put the other 4 in a global pool statement - I have that exact setup for a client.
2. global ip's need to be legitimate for the outside world to connect to. you can either forward complete ips to servers (i.e., outside.ip.address.5 gets forwarded to inside.ip.address.200), or just ports (so you could forward outside.ip.address.6's tcp port 80 to inside host .3:80, and outside.ip.address.6's tcp port 25 to inside host .4:25.
so, you need to determine how you want to use your ip addresses and forward ports, and then write an access list that you bind to the outside interface that allows access to the services you want
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...