I would like to know what the advantages are of having 1 fixed address on the outside interface of the PIX doing port direction for mail, web and FTP servers over multiple fixed IP addresses allocated by the ISP to us. How many services can port direction support? If too many services are port directed, can it slow down the PIX or the line? BTW, does the PIX506e have limited user access such as the PIX-501?
The port redirection question is good. The PIX performs NAT by default. Using a single IP on the outside and translating multiple services on different ports to different servers on the inside should not impact the PIX performance.
This is very similar to using the single address on the outside to PAT all the users on the inside for their outbound connections.
When performing static translations, it is recommended for Defense in Depth to only translate the ports needed for the host from the outside to the inside, in addition to limiting by the access-list what ports are allowed through.
You will probably run into other limitations of the device, such as 25,000 concurrent connections or 100Mbps of clear text throughput (which are the upper limits of the PIX 506).
Here's the data sheet for the 506e which shows those performance numbers:
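
The port-specific static translations and matching access-list recommended in the reply above, written out as an added example (not part of the original thread or of Cisco's documentation). It uses PIX 6.x syntax; the inside server addresses, the outside address 203.0.113.10 and the access-list name are constructed placeholders.

```cisco
: Constructed example: one outside address, three inside servers.
: Assumed addresses: outside interface 203.0.113.10,
: mail 192.168.1.10, web 192.168.1.11, FTP 192.168.1.12.

: Translate only the port each server needs (static PAT on the
: outside interface address), one line per service.
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.11 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 192.168.1.12 ftp netmask 255.255.255.255 0 0

: FTP data channels are opened dynamically by the FTP fixup,
: so no separate static or permit is needed for them.
fixup protocol ftp 21

: Second layer: permit only those same ports inbound.
: Anything not listed is dropped by the implicit deny.
access-list outside_in permit tcp any host 203.0.113.10 eq smtp
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq ftp
access-group outside_in in interface outside

: For comparison, the multiple-address alternative is a one-to-one
: static per server, for example:
:   static (inside,outside) 203.0.113.11 192.168.1.10 netmask 255.255.255.255 0 0
: That form translates every port on the host, so the access-list
: becomes the only control limiting what reaches the server.
```

After loading the configuration, `show static` and `show access-list` list the translations and the per-line hit counts, which makes it easy to confirm that only the intended ports are reachable.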