Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
628
Views
2
Helpful
3
Replies

Configurging PAT

Wajma_2
Level 1
Level 1

‎11-29-2006 01:27 PM - edited ‎03-11-2019 02:02 AM

Hello,

I would like some configuration example for configuring PAT on PIX 515. We have 5 public IP addresses and around 20 machines that need to be published with public IP addresses, they include webservers and mail servers, and also a larger number of clients would like to be able to connect to the internet. How to configure the PIX to allow for inbound access for mail and web server and alos outbound for internet and how to configure the DNS for those published services

Labels:
0 Helpful
3 Replies 3

fzamora
Cisco Employee
Cisco Employee

‎11-29-2006 08:32 PM

Hi,

Please check the example below

webserver = 1.1.1.1

mailserver = 1.1.1.2

PUblic IP addresses

2.2.2.2

2.2.2.3

YOu want to grant access to those internal servers using the IP 2.2.2.2. YOu need to configure a static translation with Port redirection

static (inside,outside) tcp 2.2.2.2 80 1.1.1.1 80 netmask 255.255.255.255

static (inside,outside) tcp 2.2.2.2 25 1.1.1.2 25 netmask 255.255.255.255

Now create the ACL to allow the traffic to pass through

access-list inbound permit tcp any host 2.2.2.2 eq 80

access-list inbound permit tcp any host 2.2.2.2 eq 25

Apply the ACL to the outside interface

access-group inbound in interface outside

Now to allow inside users to go out to the internet using the other IP address (2.2.2.3), configure the following:

nat (inside) 1 0 0

global (outside) 1 2.2.2.3

With the rule above, all inside users will be port address translated when going to the outside interface (PAT)

Hope it helps,

Franco Zamora

Wajma_2
Level 1
Level 1
In response to fzamora

‎11-30-2006 01:45 PM

Thank you very much for your input, However if we have multiple web servers and mail servers, how are we going to translate that and how are we doing the enty in the external DNS server for example we have currently

www.sale.com 2.2.2.2

www.rent.com 2.2.2.3

mail.sale.com 2.2.2.4

mail.rent.com 2.2.2.5

how are we going to use the external 2.2.2.2 address to represent all those server in the DNS and also on the PIX ( if we have multiple web are mail servers)

Thank you very much.

0 Helpful

sean chang
Level 1
Level 1
In response to fzamora

‎01-17-2007 10:34 AM

Very enlighting for me, thank you Franco.

My situation is a little different, we use DSL from our ISP and only have dynamic IP address, which means here:

Public IP address ( only one, change every few weeks):

dynamic....

How can I still configure PAT to allow access to a Linux server(ssh) and windows server(http), please help....

>>static (inside,outside) tcp Dynamic IP 80 1.1.1.1 80 netmask 255.255.255.255

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card