
PIX515E DMZ Routing Question

jcalhoun1984
Level 1

Here's my situation: we're a WISP and the PIX515 is our gateway to the internet for our clients. All of our clients are on the DMZ of the PIX, 172.16.0.1 /16. They receive static private IPs along that range. When someone needs a public IP I do a 1 to 1 translation on the PIX and open up what incoming ports they need. What I want to be able to do is simply put the public IP address right on their computer/firewall and not have any ports blocked. Any suggestions?

2 Replies

mheusinger
Level 10

Hi,

You could assign a subnet from your official IP address range to this task and apply it to a DMZ interface. I would recommend a separate interface for this task. This would be configured along the lines of what you already do.

Hope this helps

Martin

jackko
Level 7

Not sure if I understand your issue correctly.

The extra bit you are trying to do is to permit all ports for the public IP, and leave the security open as a client's own responsibility.

e.g.

static (dmz,outside) 172.16.x.x netmask 255.255.255.255

access-list inbound permit ip any host

access-group inbound in interface outside

clear xlate local 172.16.x.x
