Single Public IP Address to Multiple Private IP DMZ Hosts

james.brigden · ‎09-29-2003

Hi.

I know everyone has likely been over all the ways in which this can be achieved with the PIX, but is Port Redirection with multiple Statics the only way to achieve this?

Basically, we have only 1 external IP Address we can use, but I need it to host FTP, WWW and SMTP on 3 different physical servers / hosts in the DMZ, each with its own single private IP address. Literature talks at length about having to have a one-to-one IP NAT relationship for all hosted services from the DMZ to outside, but how can I get the PIX (515 - latest software), to allow access to each of these servers from a single public IP address?

Thanks for your guidence

mostiguy · ‎09-29-2003

You cannot host 3 different physical servers, period. PIX is not a load balancer.

You could, via http host headers, host 3 different http (not https) web sites on one server. There is no solution for ftp or smtp. If you run your ftp or smtp on non standard ports, people will likely have trouble contacting them

james.brigden · ‎09-29-2003

Sure - what I was really thinking of was hosting FTP on one server, HTTP on another and SMTP on a third (in the DMZ). However, all services would have to be accessible through a single public IP Address - can I tell the PIX to map one public external Internet address to three different services, each on a different machine in the DMZ?

mostiguy · ‎09-29-2003

That should be completely doable with port forwarding via statics, so long as you are running a relatively modern PIX OS.

james.brigden · ‎09-29-2003

Thanks - that's the message I get from others on the subject too. How was this achieved before in older versions of the Cisco PIX IOS? Conduits?

jmia · ‎09-29-2003

Hi James,

Have a read of the following document:

http://www.cisco.com/warp/public/707/28.html

Thanks - Jay.

james.brigden · ‎09-29-2003

Thanks for everyone's help. That's sorted the issue out completely now. Cheers.