
PIX: map same pub ip address to 2 different ports?

Hi,

I have 1 pub interface on my PIX and one on our webserver. I want to map 2 hostnames from our ISP (e.g. www.domain.com to https and backup.domain.com to port 8080). Is this possible? I can't seem to find any docs on this.

Thanks,

Geoff

3 REPLIES

Re: PIX: map same pub ip address to 2 different ports?

Hi,

Are you trying to map one (1) public IP to two (2) internal IPs?

You can use a feature called port redirection. It allows hosts on a lower security interface to connect to a particular IP address and port and to have the PIX Firewall redirect the traffic to the appropriate server on a higher security interface.

The shared address can be a unique address, a shared outbound PAT address, or an address shared with the external interface. To implement port redirection, use the following commands:

access-list outside permit tcp any host xx.xx.xx.5 eq https

access-list outside permit tcp any host xx.xx.xx.5 eq 8080

static (inside,outside) tcp xx.xx.xx.5 https 10.1.1.6 https netmask 255.255.255.255

static (inside,outside) tcp xx.xx.xx.5 8080 10.1.1.3 8080 netmask 255.255.255.255

access-group outside in interface outside

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#wp1090663

Rgds,

AK
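
Added example, not part of the original thread or of Cisco's documentation: a small Python audit of the port-redirection commands in the reply above. It lists what each public IP/port exposes, flags a public port claimed by two static entries, and reports permits and redirects that have no counterpart. The function names, the port-keyword table and the extra port 25 permit in the sample are assumptions made for the illustration.

```python
import re

# Constructed sample: the commands from the reply above, plus one extra
# permit (port 25) that no static entry backs, to show what the check reports.
SAMPLE_CONFIG = """\
access-list outside permit tcp any host xx.xx.xx.5 eq https
access-list outside permit tcp any host xx.xx.xx.5 eq 8080
access-list outside permit tcp any host xx.xx.xx.5 eq 25
static (inside,outside) tcp xx.xx.xx.5 https 10.1.1.6 https netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.5 8080 10.1.1.3 8080 netmask 255.255.255.255
access-group outside in interface outside
"""

# Only the command shapes shown in the thread are parsed. The ACL name and
# its access-group binding are not checked (a simplification of this example).
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+any\s+host\s+(\S+)\s+eq\s+(\S+)")
STATIC_RE = re.compile(r"^static\s+\((\S+),(\S+)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
# Port keywords normalised to numbers so "https" and "443" compare equal.
PORT_NAMES = {"www": "80", "https": "443", "smtp": "25", "ftp": "21"}

def port(p):
    return PORT_NAMES.get(p.lower(), p)

def audit(config):
    """Return (exposed, duplicates, redirects_without_permit, permits_without_redirect)."""
    permits, redirects, duplicates = set(), {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            _, proto, ip, dport = m.groups()
            permits.add((proto, ip, port(dport)))
        elif m := STATIC_RE.match(line):
            _, _, proto, gip, gport, lip, lport = m.groups()
            key = (proto, gip, port(gport))
            if key in redirects:          # same public IP/port claimed twice
                duplicates.append(key)
            redirects[key] = (lip, port(lport))
    unpermitted = sorted(set(redirects) - permits)
    unbacked = sorted(permits - set(redirects))
    return redirects, duplicates, unpermitted, unbacked

if __name__ == "__main__":
    exposed, dups, unpermitted, unbacked = audit(SAMPLE_CONFIG)
    for (proto, ip, p), (lip, lp) in sorted(exposed.items()):
        print(f"{proto} {ip}:{p} -> {lip}:{lp}")
    print("duplicate public ports:", dups)
    print("redirects with no permit:", unpermitted)
    print("permits with no redirect:", unbacked)
```

A permit with no matching static entry is a stale rule worth removing, and a redirect with no permit will not pass inbound traffic.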


Re: PIX: map same pub ip address to 2 different ports?

Thanks for the quick response! I am trying to go from 1 external IP to 1 internal IP with different ports:

Using your example below, but the internal IP is the same. Possible?

static (inside,outside) tcp xx.xx.xx.5 https 10.1.1.6 https netmask 255.255.255.255

static (inside,outside) tcp xx.xx.xx.5 8080 10.1.1.6 8080 netmask 255.255.255.255

Thanks again,

Geoff

Re: PIX: map same pub ip address to 2 different ports?

If your destination points to the same server/host on 2 different service ports (TCP/UDP) but for the same application, i.e. web server services, then I think there'll be some issue, as you can't run 2 x HTTP services on the same server, just like running 2 x FTP server applications in one box.

Normally, for an HTTP application for example, you can always point to the same IP or hostname with different services or ports, not 2 different IPs. What I mean is:

http://www.testing.com --> using standard TCP-www port

https://www.testing.com --> using TCP-443 port

You use port redirection if you need to use 1 (one) public IP to access 2 different IPs/hosts running the same or different services with different port (TCP/UDP) numbers.

In your case, I would say it is not possible, unless your server (with an OS feature?) allows it. Perhaps you can achieve it if your server has 2 different IP addresses, as this allows you to point to/access it via 2 different port services (http and https).

Pls rate helpful post.

Rgds,

AK
