11-29-2006 01:27 PM - edited 03-11-2019 02:02 AM
Hello,
I would like a configuration example for configuring PAT on a PIX 515. We have 5 public IP addresses and around 20 machines that need to be published with public IP addresses; they include web servers and mail servers. A larger number of clients would also like to be able to connect to the internet. How do I configure the PIX to allow inbound access for the mail and web servers and also outbound access to the internet, and how do I configure the DNS for those published services?
11-29-2006 08:32 PM
Hi,
Please check the example below
webserver = 1.1.1.1
mailserver = 1.1.1.2
Public IP addresses
2.2.2.2
2.2.2.3
You want to grant access to those internal servers using the IP 2.2.2.2. You need to configure a static translation with port redirection:
static (inside,outside) tcp 2.2.2.2 80 1.1.1.1 80 netmask 255.255.255.255
static (inside,outside) tcp 2.2.2.2 25 1.1.1.2 25 netmask 255.255.255.255
Now create the ACL to allow the traffic to pass through
access-list inbound permit tcp any host 2.2.2.2 eq 80
access-list inbound permit tcp any host 2.2.2.2 eq 25
Apply the ACL to the outside interface
access-group inbound in interface outside
Now to allow inside users to go out to the internet using the other IP address (2.2.2.3), configure the following:
nat (inside) 1 0 0
global (outside) 1 2.2.2.3
With the rule above, all inside users will be port address translated when going to the outside interface (PAT)
Hope it helps,
Franco Zamora
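An added example, not part of the original post or any Cisco tool: a small Python check that cross-references the `static` port redirections above with the ACL applied to the outside interface, so that every published port has a matching permit and no permit is broader than what is published. The function name `audit`, the result keys, and the port-name table are assumptions made for this sketch; it only understands the `permit tcp|udp any host X eq P` form used in the answer and lists every other permit for manual review.

```python
import re

# Constructed sample input: the configuration lines from the answer above.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 2.2.2.2 80 1.1.1.1 80 netmask 255.255.255.255
static (inside,outside) tcp 2.2.2.2 25 1.1.1.2 25 netmask 255.255.255.255
access-list inbound permit tcp any host 2.2.2.2 eq 80
access-list inbound permit tcp any host 2.2.2.2 eq 25
access-group inbound in interface outside
nat (inside) 1 0 0
global (outside) 1 2.2.2.3
"""

STATIC_RE = re.compile(r"^static \(\w+,(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
PERMIT_RE = re.compile(r"^access-list (\S+) permit (.+)$")
HOST_EQ_RE = re.compile(r"^(tcp|udp) any host (\S+) eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
# The device may print well-known ports by name; small assumed subset.
PORT_NAMES = {"www": "80", "smtp": "25", "ssh": "22", "https": "443"}


def audit(config, outside_if="outside"):
    """Cross-check static port redirections against the ACL bound to outside_if."""
    published, permits, bound = {}, [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            mapped_if, proto, pub_ip, pub_port, in_ip, in_port = m.groups()
            if mapped_if == outside_if:
                key = (proto, pub_ip, PORT_NAMES.get(pub_port, pub_port))
                published[key] = (in_ip, PORT_NAMES.get(in_port, in_port))
        elif m := PERMIT_RE.match(line):
            permits.append((m.group(1), m.group(2)))
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside_if:
                bound.add(m.group(1))
    permitted, review = set(), []
    for name, rule in permits:
        if name not in bound:
            continue  # ACL exists but is not applied to the outside interface
        if m := HOST_EQ_RE.match(rule):
            proto, ip, port = m.groups()
            permitted.add((proto, ip, PORT_NAMES.get(port, port)))
        else:
            review.append(rule)  # broader than "any -> one host, one port"
    return {
        "published": published,
        "blocked": sorted(set(published) - permitted),   # static without a permit
        "unbacked": sorted(permitted - set(published)),  # permit without a static
        "review": review,
    }
```

For the configuration in the answer, all three findings lists come back empty; a non-empty `unbacked` or `review` list points at ACL entries that expose more than the published ports.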
11-30-2006 01:45 PM
Thank you very much for your input. However, if we have multiple web servers and mail servers, how are we going to translate that, and how do we make the entry in the external DNS server? For example, we currently have:
www.sale.com 2.2.2.2
www.rent.com 2.2.2.3
mail.sale.com 2.2.2.4
mail.rent.com 2.2.2.5
How are we going to use the external 2.2.2.2 address to represent all those servers in the DNS and also on the PIX (if we have multiple web or mail servers)?
Thank you very much.
01-17-2007 10:34 AM
Very enlightening for me, thank you Franco.
My situation is a little different: we use DSL from our ISP and only have a dynamic IP address, which means here:
Public IP address (only one, changes every few weeks):
dynamic....
How can I still configure PAT to allow access to a Linux server (ssh) and a Windows server (http)? Please help....
>>static (inside,outside) tcp Dynamic IP 80 1.1.1.1 80 netmask 255.255.255.255