Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
3
Replies

can pix do this?

jeff.lee
Level 1
Level 1

‎02-12-2004 09:56 PM - edited ‎02-20-2020 11:14 PM

can pix do this?

1.NAT PROBLEM

for instance,pix's public address is 218.242.2.1,its private ip address is 192.168.0.1/24,there is a server whose ip address is 192.168.0.100,if someone in internet want to access tcp ports from 2000 to 5000 of 218.242.2.1,the pix can forward all the traffic to 192.168.0.100?if can,how to do this?

2.VPN problem

the structure is :

INTERNET--ROUTERA--PIX--LAN,both the ip address of inside and outside of the router are public address,and both the ip address of inside and outside of the pix are private address,.but I use NAT to translate the pix's outside ip address to a public address,then can pix act as a vpn server?that means if someone in internet can dialer in the pix with cisco vpn client software?if can,is there any diffirent config in pix or router?in the pix's place,if there is a routerb or vpn3000,can they act as vpn server?

thanks

0 Helpful
3 Replies 3

l.mourits
Level 5
Level 5

‎02-13-2004 12:50 AM

Hi,

1) Yes,this is possible, you have to configure this:

static (inside, outside) interface 192.168.0.100 netmask 255.255.255.255

object-group service tcp-udp

port-object range 2000 5000

access-list outside_in permit tcp any interface object-group

2) Yes, this is possible, see this url for a good sample:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

Hope this help & kind regards,

Leo

0 Helpful

jeff.lee
Level 1
Level 1
In response to l.mourits

‎02-15-2004 05:00 PM

thank u first!

but the second problem,maybe u misunderstand,I mean the pix doesnot have a real public ip address,a router is outside the pix which has real public address,and use NAT in the router,which translate the pix's outside ip address(which is a private ip address like 10.0.0.1) to a public ip address (such as 218.242.0.1),then the vpn client try to connect to 218.242.0.1,is it possible?

0 Helpful

l.mourits
Level 5
Level 5
In response to jeff.lee

‎02-18-2004 02:33 PM

Sorry, I indeed missed the router doing NAT.

As long as the router does a full static IP translation (1 on 1) you should be fine. If it does in fact PAT you need some configuration on your router as well (but still can be done)

One thing bothers me, why have you chose such setup?

Kind regards,

Leo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card