Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

PIX bind to two IP's

Can I bind my pix 515 to multiple Outside IP's? I want to use port 80 to get to my web server on one external IP and port 80 on a different IP to another internal server. If yes Then how ... (programming humour intended)

Thanks

L.Gelinas

lgelinas@healthspace.ca

3 REPLIES
Cisco Employee

Re: PIX bind to two IP's

Sure, just use port redirection with your statics.

> static (inside,outside) tcp 200.1.1.1 80 10.1.1.1 80 netmask 255.255.255.0

> static (inside,outside) tcp 200.1.1.2 80 10.1.1.2 80 netmask 255.255.255.0

> access-list inbound permit tcp any host 200.1.1.1 eq www

> access-list inbound permit tcp any host 200.1.1.2 eq www

> access-group inbound in interface outside

where 200.1.1.1 and 200.1.1.2 are the two external IP addresses, and 10.1.1.1 and 10.1.1.2 are the two internal hosts that they map to. You'll obviously have to get these external addresses assigned to you by your ISP and have them routed to your PIX.

Keep in mind that you can't do something like:

> static (inside,outside) tcp 200.1.1.1 80 10.1.1.1 80 netmask 255.255.255.0

> static (inside,outside) tcp 200.1.1.2 80 10.1.1.1 80 netmask 255.255.255.0

where two outside addresses are mapped to one internal address (or vice versa), but as long as each port redirection (for the same port number) goes to a different host then you'll be OK.

Cisco Employee

Re: PIX bind to two IP's

Whoops, just noticed my netmasks on the static commands I suggested are wrong. They should be 255.255.255.255, not 255.255.255.0 as I wrote.

Community Member

Re: PIX bind to two IP's

I got the jist! thanks

95
Views
5
Helpful
3
Replies
CreatePlease to create content