Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX 515 Static Inside/Outside Question

I only have 2 ip addresses that I can assign to my PIX. I need to open up mail, web, and https to the outside world. Everything I have read does a one-to-one static translation. Can I do a one-to many translation like this?

access-list 100 permit tcp any host XXX.XXX.XXX.15 eq www

access-list 100 permit tcp any host XXX.XXX.XXX.15 eq smtp

access-list 100 permit tcp any host XXX.XXX.XXX.15 eq ftp

static (inside,outside) XXX.XXX.XXX.15 192.168.1.4 netmask 255.255.255.255 0 0

static (inside,outside) XXX.XXX.XXX.15 192.168.1.5 netmask 255.255.255.255 0 0

static (inside,outside) XXX.XXX.XXX.15 192.168.1.6 netmask 255.255.255.255 0 0

access-group 100 in interface outside

I know this can be done on any other firewall, just not sure about the PIX.

I have successfully done this on a checkpoint,Raptor and ISA with out any issues.

Thanks for your help

1 REPLY
New Member

Re: PIX 515 Static Inside/Outside Question

I suppose your PIX's outside IP address is the one terminating by .15, then i use the word "interface" in the following example instead of the IP address. If it's not your case, you can simply replace this word by the real IP address.

static (inside,outside) tcp interface 80 192.168.1.4 80 netmask 255.255.255.255

static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255.255

static (inside,outside) tcp interface ftp 192.168.1.6 ftp netmask 255.255.255.255

Hope this helps

Ben

110
Views
0
Helpful
1
Replies
CreatePlease to create content