Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
14
Helpful
5
Replies

PIX 525E - will it work in our environment?

Go to solution
johnsapunov
Level 1
Level 1

‎08-08-2006 02:09 PM - edited ‎02-21-2020 01:05 AM

Hello all,

we have a small block of class C ip addresses (less than 10), and need to host approximately 100 web sites, and each IP will represent about 20 sites.

This is normally possible using "host header information" and we would like to be able to use the same thing after we install a Pix 525e firewall to protect the web server. I am assuming this is possible? what we would do is map static outside IP addressess to inside IP addresses such as "static (inside, outside) 205.55.35.133 192.168.10.133".

Will there be a problem with multiple Web sites being mapped to a single IP i.e. will the PIX firewall pass that information to IIS and not discard it?

Much obliged for your answers!

John

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
glen.messenger
Level 1
Level 1
In response to m-haddad

‎08-08-2006 03:12 PM

Hi,

I was referring to HTTP inspect/fixup, but I dont believe this covers the HOST header.

Glen

View solution in original post

0 Helpful
5 Replies 5

Go to solution
glen.messenger
Level 1
Level 1

‎08-08-2006 02:22 PM

Hi John,

A PIX by default, with just a static, wont strip/change the HOST header in HTTP requests, so any translation will still retain this information, I believe.

Anyone please correct me if i'm wrong.

Good luck,

Glen

Go to solution
m-haddad
Level 5
Level 5
In response to glen.messenger

‎08-08-2006 03:09 PM

Yes should work. PIX won't look at the http header. It will look at layer 4 and layer 3 part of the packet, apply the access list and then matches the Static NAT.

Hope this answers your questions,

Regards,

Go to solution
glen.messenger
Level 1
Level 1
In response to m-haddad

‎08-08-2006 03:12 PM

Hi,

I was referring to HTTP inspect/fixup, but I dont believe this covers the HOST header.

Glen

0 Helpful

Go to solution
m-haddad
Level 5
Level 5
In response to glen.messenger

‎08-08-2006 09:21 PM

Nope also the fixup won't look at the host header. However, it inspects any milicious command within the HTTP request.

Hope this helps,

Regards,

Go to solution
johnsapunov
Level 1
Level 1
In response to m-haddad

‎08-09-2006 05:07 AM

Thanks everyone for your replies...!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card