Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Static Many to One Rules

I'm trying to do something like this:

static (dmz,outside) udp 9000 9000 netmask 0 0

static (dmz,outside) udp 9000 9000 netmask 0 0

static (dmz,outside) udp 9000 9000 netmask 0 0

static (dmz,outside) udp 9000 9000 netmask 0 0

static (dmz,outside) netmask 0 0

On a Pix 520 with IOS 6.3, I get errors about duplicate entries. Is there anyway around that? or another method to establish that relationship?(using a router too maybe?)


Re: Static Many to One Rules

A pix is not a load balancer. It sounds like you are trying to make it one. Why do you want to have multiple statics in that configuration?

New Member

Re: Static Many to One Rules

It has something to do with the way my company does destination port discovery. We use source ports to control how our client software acts and how it finds our servers making firewall administration on the client end vary easy. We want multiple outside IP's open for listening only ideally. The reply traffic will be coming from another ip(the static map for the server)

We want multiple IP's open, but there is only one server, and thus only one internal IP. We are currently doing this relationship with an IpTables firewall, but wish to move over to out PIX 520.

I was thinking about maybe trying to use a 2621 router I have to intercept the packets and reroute them to internal.

Main thing for us is to keep the port information from the client intact and not changed by the PIX, so we know the ports opened by the client, since they will probably be natd in the first place.

Any ideas would be helpful, I really don't want to run two firewalls.


CreatePlease to create content