01-05-2006 01:09 PM - edited 03-03-2019 11:22 AM
Here's my situation: we're a WISP and the PIX515 is our gateway to the internet for our clients. All of our clients are on the DMZ of the PIX, 172.16.0.1 /16. They receive static private IPs along that range. When someone needs a public IP I do a 1 to 1 translation on the PIX and open up what incoming ports they need. What I want to be able to do is simply put the public IP address right on their computer/firewall and not have any ports blocked. Any suggestions?
01-05-2006 03:00 PM
Hi,
You could assign a subnet from your official IP address range to this task and apply it to a DMZ interface. I would recommend a separate interface for this task. This would be configured along what you already do.
Hope this helps
Martin
01-05-2006 03:20 PM
Not sure if I understand your issue correctly.
The extra bit you are trying to do is to permit all ports for the public IP, and leave the security open as a client's own responsibility.
e.g.
static (dmz,outside)
access-list inbound permit ip any host
access-group inbound in interface outside
clear xlate local 172.16.x.x
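A sketch of how the two replies above fit together, added here as an illustration and not posted by anyone in the thread: a public subnet on its own interface, translated to itself, with all inbound IP permitted to that subnet only. It assumes PIX 6.x syntax, a spare interface `ethernet3` named `pubdmz` (hypothetical name), and 203.0.113.0/28 (a documentation range) standing in for a subnet your upstream routes to the PIX outside address.

```cisco
: Constructed example. Interface name, security level and the
: 203.0.113.0/28 addresses are placeholders, not values from this thread.

: Separate interface for clients that carry a public address themselves
nameif ethernet3 pubdmz security50
interface ethernet3 auto
ip address pubdmz 203.0.113.1 255.255.255.240

: Identity static: each host in the subnet appears on the outside
: under the same address it is configured with
static (pubdmz,outside) 203.0.113.0 203.0.113.0 netmask 255.255.255.240

: Permit all inbound IP, but only to the public-address subnet.
: The 172.16.0.0/16 clients keep their existing per-port entries.
access-list inbound permit ip any 203.0.113.0 255.255.255.240
access-group inbound in interface outside

: Clients on this segment use 203.0.113.2 - 203.0.113.14 with
: 203.0.113.1 as their default gateway and run their own firewall.
```

Only one access list can be bound inbound to the outside interface, so if one is already applied there, add the `permit ip any` line to that list instead of creating a second one.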