Configuring PAT

Wajma_2
Level 1

Hello,

I would like some configuration example for configuring PAT on PIX 515. We have 5 public IP addresses and around 20 machines that need to be published with public IP addresses; they include web servers and mail servers, and also a larger number of clients would like to be able to connect to the internet. How do we configure the PIX to allow inbound access for the mail and web servers and also outbound access for the internet, and how do we configure the DNS for those published services?

3 Replies

fzamora
Cisco Employee

Hi,

Please check the example below

webserver = 1.1.1.1

mailserver = 1.1.1.2

Public IP addresses

2.2.2.2

2.2.2.3

You want to grant access to those internal servers using the IP 2.2.2.2. You need to configure a static translation with port redirection

static (inside,outside) tcp 2.2.2.2 80 1.1.1.1 80 netmask 255.255.255.255

static (inside,outside) tcp 2.2.2.2 25 1.1.1.2 25 netmask 255.255.255.255

Now create the ACL to allow the traffic to pass through

access-list inbound permit tcp any host 2.2.2.2 eq 80

access-list inbound permit tcp any host 2.2.2.2 eq 25

Apply the ACL to the outside interface

access-group inbound in interface outside

Now to allow inside users to go out to the internet using the other IP address (2.2.2.3), configure the following:

nat (inside) 1 0 0

global (outside) 1 2.2.2.3

With the rule above, all inside users will be port address translated when going to the outside interface (PAT)

Hope it helps,

Franco Zamora
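An added example, not part of the original reply: a small Python check that every port redirection in a configuration like the one above is matched by a permit in the ACL bound to the outside interface, and the reverse. The regexes cover only the command forms shown in this reply, the port-name table is an assumption about how the PIX displays well-known ports, and the port 443 ACL line in the sample is constructed to show a mismatch.

```python
import re

# Constructed sample: the commands from the reply above plus one extra ACL
# line (port 443) with no matching static, added here to show a mismatch.
CONFIG = """\
static (inside,outside) tcp 2.2.2.2 80 1.1.1.1 80 netmask 255.255.255.255
static (inside,outside) tcp 2.2.2.2 25 1.1.1.2 25 netmask 255.255.255.255
access-list inbound permit tcp any host 2.2.2.2 eq 80
access-list inbound permit tcp any host 2.2.2.2 eq 25
access-list inbound permit tcp any host 2.2.2.2 eq 443
access-group inbound in interface outside
"""

# Assumption: only the command forms shown in the reply are parsed.
STATIC_RE = re.compile(r"static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+) netmask \S+")
PERMIT_RE = re.compile(r"access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")
# The PIX displays some well-known ports by name; normalise the common ones.
PORT_NAMES = {"www": "80", "smtp": "25", "https": "443", "ssh": "22"}

def port(p):
    return PORT_NAMES.get(p, p)

def audit(config):
    """Return (redirections, findings) for a PIX port-redirection config."""
    statics, permits, bound, findings = {}, set(), None, []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.fullmatch(line):
            key = (m[1], port(m[2]))
            if key in statics:  # one public IP:port can reach one host only
                findings.append(f"duplicate static for {key[0]}:{key[1]}")
            statics[key] = (m[3], port(m[4]))
        elif m := PERMIT_RE.fullmatch(line):
            permits.add((m[1], m[2], port(m[3])))
        elif m := GROUP_RE.fullmatch(line):
            bound = m[1]
    if bound is None:
        findings.append("no access-group bound to the outside interface")
    allowed = {(ip, p) for name, ip, p in permits if name == bound}
    for ip, p in sorted(allowed - set(statics)):
        findings.append(f"ACL permits {ip}:{p} but no static redirects it")
    for ip, p in sorted(set(statics) - allowed):
        findings.append(f"static for {ip}:{p} is not permitted by the bound ACL")
    return statics, findings

if __name__ == "__main__":
    for finding in audit(CONFIG)[1]:
        print(finding)
```

The duplicate check reflects the constraint behind port redirection: a given public address and TCP port can be redirected to only one inside host.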

Thank you very much for your input. However, if we have multiple web servers and mail servers, how are we going to translate that, and how do we do the entry in the external DNS server? For example, we currently have

www.sale.com 2.2.2.2

www.rent.com 2.2.2.3

mail.sale.com 2.2.2.4

mail.rent.com 2.2.2.5

How are we going to use the external 2.2.2.2 address to represent all those servers in the DNS and also on the PIX (if we have multiple web or mail servers)?

Thank you very much.

Very enlightening for me, thank you Franco.

My situation is a little different: we use DSL from our ISP and only have a dynamic IP address, which means here:

Public IP address (only one, changes every few weeks):

dynamic....

How can I still configure PAT to allow access to a Linux server (ssh) and a Windows server (http)? Please help....

>>static (inside,outside) tcp Dynamic IP 80 1.1.1.1 80 netmask 255.255.255.255
