Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix VPN & Port forwarding

Hi!

I have installed a Pix latest 6.x version and have some questions. Is there a way to have several ipadresses on outside interface? I want to bind diffrent rules to/from ipadresses. For example www should point to a inside server ip. Also a VPN solution should work.

Outside ip from ISP should be aaa.bbb.ccc.82 and a get VPN to work.

I now need a way to allow outside aaa.bbb.ccc.90 adress to accept ISP webserver. Is there a way to get outside interface to answar both aaa.bbb.ccc.82 and 90 adress? If so i think i can work out a config.

Kr

Mattias

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: Pix VPN & Port forwarding

Hi Mattias,

If I got well the IP aaa.bbb.ccc.82 is the physical IP of the PIX and th IP aaa.bbb.ccc.90 should be an outside IP of a server behind the PIX.

In this case you'll only need th create a static entry in the PIX to answer these queries, like this ( assuming that the ouside and the inside interfaces named "ouside" and "inside" and the server's inside IP is xx.yy.zz.90 ) :

static(inside,outside) aaa.bbb.ccc.90 xx.yy.zz.90 netmask 255.255.255.255

Please let me know if not this is the situation.

Regards,

// Roland

Re: Pix VPN & Port forwarding

Mattias,

The way to do it is create static on specific port for the web traffic, ie:

static (inside,outside) tcp www www netmask 255.255.255.255

For the rest of the users you can keep the NAT or a general static.

Please rate if this helped.

Regards,

Daniel

4 REPLIES
New Member

Re: Pix VPN & Port forwarding

Hi Mattias,

If I got well the IP aaa.bbb.ccc.82 is the physical IP of the PIX and th IP aaa.bbb.ccc.90 should be an outside IP of a server behind the PIX.

In this case you'll only need th create a static entry in the PIX to answer these queries, like this ( assuming that the ouside and the inside interfaces named "ouside" and "inside" and the server's inside IP is xx.yy.zz.90 ) :

static(inside,outside) aaa.bbb.ccc.90 xx.yy.zz.90 netmask 255.255.255.255

Please let me know if not this is the situation.

Regards,

// Roland

Re: Pix VPN & Port forwarding

Mattias,

The way to do it is create static on specific port for the web traffic, ie:

static (inside,outside) tcp www www netmask 255.255.255.255

For the rest of the users you can keep the NAT or a general static.

Please rate if this helped.

Regards,

Daniel

New Member

Re: Pix VPN & Port forwarding

Ok it?s working fine now except that the users on inside pix complain about unsteady connection to internet. I?m thinking about speed and duplex. Current is 10BaseT. They have 2 m/bit line i think. Can i use any other command on the interface to make it more stabel?

Kr

Mattias

Gold

Re: Pix VPN & Port forwarding

You can verify if there are some errors on interface

with command

show interface e0

You should check counters (CRC, late collision) for errors

M.

101
Views
0
Helpful
4
Replies