PIX 515 Static Inside/Outside Question - Cisco Community

301

Views

0

Helpful

1

Replies

I only have 2 ip addresses that I can assign to my PIX. I need to open up mail, web, and https to the outside world. Everything I have read does a one-to-one static translation. Can I do a one-to many translation like this?

access-list 100 permit tcp any host XXX.XXX.XXX.15 eq www

access-list 100 permit tcp any host XXX.XXX.XXX.15 eq smtp

access-list 100 permit tcp any host XXX.XXX.XXX.15 eq ftp

static (inside,outside) XXX.XXX.XXX.15 192.168.1.4 netmask 255.255.255.255 0 0

static (inside,outside) XXX.XXX.XXX.15 192.168.1.5 netmask 255.255.255.255 0 0

static (inside,outside) XXX.XXX.XXX.15 192.168.1.6 netmask 255.255.255.255 0 0

access-group 100 in interface outside

I know this can be done on any other firewall, just not sure about the PIX.

I have successfully done this on a checkpoint,Raptor and ISA with out any issues.

Thanks for your help

1 Reply 1

I suppose your PIX's outside IP address is the one terminating by .15, then i use the word "interface" in the following example instead of the IP address. If it's not your case, you can simply replace this word by the real IP address.

static (inside,outside) tcp interface 80 192.168.1.4 80 netmask 255.255.255.255

static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255.255

static (inside,outside) tcp interface ftp 192.168.1.6 ftp netmask 255.255.255.255

Hope this helps

Ben

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card