Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 501 Global Address Questions

I have a pix501 that I'm trying to set up for my business.

1. My internet service comes with 5 static IP's. Can I bind all these IP's to the outside (global) interface.

2. I have services (web, exchange, vpn) that I have to forward to be accessible to the outside. From my understanding of it your global address is what people on the outside will see. Does that add yet another layer of ip protection (ex. internally I am outgoing my ip looks like, and is sent out the interface, or do my global addy's have to be my ISP assigned IP(s)?


  • Other Security Subjects

Re: PIX 501 Global Address Questions

1. sure. you can use one for the outside interface, and put the other 4 in a global pool statement - I have that exact setup for a client.

2. global ip's need to be legitimate for the outside world to connect to. you can either forward complete ips to servers (i.e., outside.ip.address.5 gets forwarded to inside.ip.address.200), or just ports (so you could forward outside.ip.address.6's tcp port 80 to inside host .3:80, and outside.ip.address.6's tcp port 25 to inside host .4:25.

so, you need to determine how you want to use your ip addresses and forward ports, and then write an access list that you bind to the outside interface that allows access to the services you want

This widget could not be displayed.