https://community.cisco.com/t5/network-security/pix-515-setup-with-1-external-ip/m-p/200057#M616704 <P>We currently have a /30 external subnet to the internet (2 IP address in reality, 1 on outside of PIX, 1 on perimeter router). We want to allow 4 inside machines outbound using a variety of protocols and SMTP traffic inbound to the mail server. One of the inside machines is an HTTP proxy. I was going to use PAT oubound and static PAT inbound. Is this the best way of doing this given the lack of IPs?</P><P>Will PATing a proxied HTTP request result in degraded performance?</P> Fri, 21 Feb 2020 06:49:23 GMT g.leonard 2020-02-21T06:49:23Z https://community.cisco.com/t5/network-security/pix-515-setup-with-1-external-ip/m-p/200057#M616704 <P>We currently have a /30 external subnet to the internet (2 IP address in reality, 1 on outside of PIX, 1 on perimeter router). We want to allow 4 inside machines outbound using a variety of protocols and SMTP traffic inbound to the mail server. One of the inside machines is an HTTP proxy. I was going to use PAT oubound and static PAT inbound. Is this the best way of doing this given the lack of IPs?</P><P>Will PATing a proxied HTTP request result in degraded performance?</P> Fri, 21 Feb 2020 06:49:23 GMT https://community.cisco.com/t5/network-security/pix-515-setup-with-1-external-ip/m-p/200057#M616704 g.leonard 2020-02-21T06:49:23Z https://community.cisco.com/t5/network-security/pix-515-setup-with-1-external-ip/m-p/200058#M616705 <HTML><HEAD></HEAD><BODY><P>You should be fine so long as the http proxy doesn't serve thousands of users. Theoretically, PAT can work for 65k connections, but in practice there are some limitations. Running out of PAT translation slots should be the only possible performance limitation, and that should only happen if you have 10s of thousands of concurrent connections.</P></BODY></HTML> Fri, 27 Jun 2003 15:39:48 GMT https://community.cisco.com/t5/network-security/pix-515-setup-with-1-external-ip/m-p/200058#M616705 mostiguy 2003-06-27T15:39:48Z