PIX 6.3(5) Public address Inside

albertobrivio42 · ‎11-21-2005

Dear All,

I'm trying a PIX' configuration where inside address is 192.168.1.1 but in the same LAN will be public addressess.

Please, which commands are needed in order to "move" those public addr. to the outside (route and nat I suppose).

Regards

Alberto Brivio

primero · ‎11-21-2005

If i understood well what u need is to MAP Public Ip Addresses that belongs to the same network of the outside interface Ip Address to some Host in the Inside Interface.

All you need in this case are:

"static" command to map an address on lower level interface (outside) to one on the higher level (inside)

f.e. static (inside,outside) PUBLIC_IP PRIVATE_IP netmask 255.255.255.255

check out static command reference for further option

then u need to allow the traffic u want to allow to the PUBLIC_IP on the Access-list associated to the outside interface (using the PUBLIC_IP in the access-list destination).

Bye

Francesco

albertobrivio42 · ‎11-21-2005

Hi,

I try to explain the wished network scenario.

I have a PIX515E with 6 interface.

Outside will be 254.213.x.x , a valid public subnet

Inside and dmz should be private address like 192.168.x.x

Dmz and inside LANs, will be populated with hosts belonging to public address like 213.212.x.x or 212.110.x.x

I don't know if I was clear, but with these details how can I configure the PIX or where I can found related docs?

Regards

Alberto Brivio

jackko · ‎11-21-2005

maybe it would be easier if we put some scenario.

e.g. there is a web server in the dmz

static (dmz,outside) netmask 255.255.255.255

access-list inbound permit tcp any host eq 80

access-group inbound in interface outside

clear xlate