11-07-2005 07:44 AM - edited 03-03-2019 10:54 AM
Hi,
I need help like a previous conversation.
I need to configure our pix to enable it for the Internet server. It is already configured for webmail. I am also awaiting confirmation of a second public IP address. But unsure how to configure.
currently it is
access-list inbound permit tcp any interface outside eq www
ip address outside 10.10.10.10 255.255.255.252
static (inside,outside) tcp interface www webmailsrv www netmask 255.255.255.255
access-group inbound in interface outside.
My question is how do I configure it if I do have a second IP address. Also if not would the following work.
static (inside,outside) tcp interface www Webmailsrv www netmask 255.255.255.255
static (inside,outside) tcp interface 8080 InternetSrv 8080 netmask 255.255.255.255
access-list inbound permit tcp any interface eq www
access-list inbound permit tcp any interface eq 8080
access-group inbound in interface outside
Hope somebody can help/explain.
Thanks
Solved! Go to Solution.
11-07-2005 03:54 PM
static (inside,outside) tcp interface www Webmailsrv www netmask 255.255.255.255
static (inside,outside) tcp interface 8080 InternetSrv 8080 netmask 255.255.255.255
access-list inbound permit tcp any interface eq www
access-list inbound permit tcp any interface eq 8080
access-group inbound in interface outside
this will work. after applying the above codes, you may however need to do "clear xlate local
assuming a second public ip is available, then:
access-list inbound permit tcp any interface outside eq www
access-list inbound permit tcp any host
ip address outside 10.10.10.10 255.255.255.252
static (inside,outside) tcp interface www webmailsrv www netmask 255.255.255.255
static (inside,outside)
access-group inbound in interface outside
11-07-2005 07:55 AM
You need to assign the new IP to the server, create a static inside,outside NAT rule as with the other server. You will then need to create an access rule to allow the traffic you require to the new server.
You will need the second IP if you are trying to IP forward on the same ports as the other address.
11-07-2005 03:54 PM
static (inside,outside) tcp interface www Webmailsrv www netmask 255.255.255.255
static (inside,outside) tcp interface 8080 InternetSrv 8080 netmask 255.255.255.255
access-list inbound permit tcp any interface eq www
access-list inbound permit tcp any interface eq 8080
access-group inbound in interface outside
this will work. after applying the above codes, you may however need to do "clear xlate local
assuming a second public ip is available, then:
access-list inbound permit tcp any interface outside eq www
access-list inbound permit tcp any host
ip address outside 10.10.10.10 255.255.255.252
static (inside,outside) tcp interface www webmailsrv www netmask 255.255.255.255
static (inside,outside)
access-group inbound in interface outside
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide