AFAIK I don't think you will be able to configure more than one IP address on the outside interface, and also it's a basic model out there in firewall devices.
I feel if you have a router over there you can configure loopback IPs for different VPNs.
If I understand correctly you just need to make sure any of the IP addresses you use are routable to the PIX.
So if you have a subnet, for example 192.168.10.0/24, and you use 192.168.10.1 as the outside interface for the PIX, you can still use any of the remaining 192.168.10.x addresses to NAT servers etc. behind the firewall.
As long as 192.168.10.x is routed to your outside interface of the PIX you will be fine.
Hope I have not misunderstood.
I want the following:
The internal IP range is 172.16.25.x and the WAN IP is 87.213.37.x, and I want i.e. 126.96.36.199 and 188.8.131.52 as WAN IP addresses so I can use .5 for the VPN tunnels and .6 for a port forward to the FTP server and Exchange server.
Sorry, still a bit confused. Are the FTP server and the Exchange server in the 172.16.25.x address range?
PIX outside address 184.108.40.206
Use this for VPN termination and NAT.
220.127.116.11 - use this as the address to represent the internal FTP server and Exchange server.
Apologies if I am really not getting it.
This is exactly what we want. I want to use the .5 for the VPN and NAT and the .6 for port forwards to Exchange and the FTP server. But HOW can I set this up in the PIX? That's my question :)
Maybe I am missing something, but it seems to me that a static translation of .6 with appropriate ports to the appropriate inside address with corresponding port should do what you want.
But to let the port forward work, don't I have to attach the .6 external IP address to the outside interface first to make the port forward work?
You can do port forwarding for an address in the same subnet as the outside interface but not the address of the outside interface. This link discusses this topic:
and it includes this example:
static (inside,outside) tcp 18.104.22.168 telnet 10.1.1.6 telnet netmask 255.255.255.255 0 0
where the outside interface was .25.
No, you don't need to attach it to the outside interface, that's what I've been trying to say :-).
As long as the address you use is routed to the external interface of the PIX you will be fine.
If you use an IP address out of the same subnet as the PIX external interface address you will be fine.
Just use the normal static commands you would use to set up the port forwarding.
Tested and it's working. I thought I tried that before, but I guess I did something wrong the time before :)
Thanks a bunch!
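
The setup the thread converges on, written out as an added example that is not part of any poster's message or configuration. All addresses are constructed: 203.0.113.0/24 stands in for the public subnet, the inside host addresses are assumed, and SMTP is assumed as the Exchange port since the thread does not name one.

```cisco
! Constructed addresses: 203.0.113.5 is the PIX outside interface,
! 203.0.113.6 is the second public address in the same subnet.
! 172.16.25.10 (FTP) and 172.16.25.20 (Exchange) are assumed inside hosts.
ip address outside 203.0.113.5 255.255.255.0
ip address inside 172.16.25.1 255.255.255.0

! Port forwards on .6. The address is never configured on an interface;
! the PIX answers ARP for it on the outside segment (proxy ARP, on by default).
static (inside,outside) tcp 203.0.113.6 ftp 172.16.25.10 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.6 smtp 172.16.25.20 smtp netmask 255.255.255.255 0 0

! A static alone passes no inbound traffic: permit only the forwarded
! ports to .6 and leave everything else to the implicit deny.
access-list outside_in permit tcp any host 203.0.113.6 eq ftp
access-list outside_in permit tcp any host 203.0.113.6 eq smtp
access-group outside_in in interface outside
```

`show xlate` and `show access-list` confirm that the translations exist and that only the intended ports are taking hits.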