11-12-2001 01:37 PM - edited 02-20-2020 09:54 PM
I am setting up the PIX with inbound connections to several different hosts on my internal network. I am confused on using the static command because I have eight internal hosts that receive connections from the outside world. Do I have to use a separate real world IP address for each of these machines and statically map them? Please advise.
11-12-2001 02:02 PM
If you've got eight routable IPs to use, you can do a one-for-one static binding. But if your servers should each be accessed on a different port(s) from the outside, you can use port redirection, which would let you bind all eight servers to one routable IP. In effect, the distinction between servers is made at Layer 4 (rather than 3). You'll need image 6.0 or later. Check out http://www.cisco.com/warp/public/707/28.html#port for the details.
11-12-2001 02:47 PM
I have about 35 IPs. Now I see where it says static (inside, Outside) XXXXXXX. Do I need to use this for accessing the DMZ as in the following
Static (inside, dmz) or does the first one cover this as well. Thank you in advance.
11-13-2001 05:30 AM
The first statement governs traffic flowing from your outside interface to your inside interface. If traffic will be flowing from your DMZ to your inside interface, then you'll need to set up a static (inside,dmz) binding. Be sure to create the appropriate access list or conduit, since the PIX doesn't pass traffic from a lower security interface to a higher one unless you tell it to.
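An added example (not from the thread and not Cisco code): a small Python check that reads PIX 6.x-style `static`, `access-list` and `access-group` lines and reports, for each published address, whether the access list bound to the lower-security interface actually lets traffic through. The addresses, the ACL name `acl_out` and the sample config are constructed; only `permit ... any host ...` entries are parsed and conduits are ignored.

```python
import re

# Constructed PIX 6.x-style sample: documentation addresses, hypothetical ACL name.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 203.0.113.10 www 10.1.1.11 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 smtp 10.1.1.12 smtp netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.20 10.1.1.13 netmask 255.255.255.255 0 0
static (inside,dmz) 10.1.1.14 10.1.1.14 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-list acl_out permit ip any host 203.0.113.20
access-group acl_out in interface outside
"""

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (?:(tcp|udp) (\S+) (\S+) (\S+) (\S+)|(\S+) (\S+))")
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config):
    """Return (lower_interface, global_ip, global_port, status) per static."""
    statics, permits, bound = [], [], {}
    for line in config.splitlines():
        if m := STATIC_RE.match(line):
            _, lo, proto, g_ip, g_port, _, _, g_all, _ = m.groups()
            statics.append((lo, proto, g_ip or g_all, g_port))
        elif m := ACL_RE.match(line):
            permits.append(m.groups())        # (acl, proto, dest_ip, port)
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)    # interface -> ACL name
    report = []
    for lo, proto, g_ip, g_port in statics:
        acl = bound.get(lo)
        hits = [p for p in permits if p[0] == acl and p[2] == g_ip]
        if acl is None:
            status = "no ACL bound: nothing passes"
        elif g_port:  # port redirection needs a permit for this protocol and port
            ok = any(p[1] in (proto, "ip") and p[3] in (g_port, None) for p in hits)
            status = "permitted" if ok else "no permit: nothing passes"
        elif not hits:
            status = "no permit: nothing passes"
        else:  # one-to-one static: a permit without "eq" opens every port
            wide = any(p[3] is None for p in hits)
            status = "all ports exposed" if wide else "permitted on listed ports"
        report.append((lo, g_ip, g_port or "any", status))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(row)
```

In the sample, the two servers behind 203.0.113.10 are told apart only by port, the smtp redirect and the (inside,dmz) static pass nothing because no permit or bound ACL covers them, and the one-to-one host is reachable on every port.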