I am setting up the PIX with inbound connections to several different hosts on my internal network. I am confused on using the static command because I have eight internal hosts that receive connections from the outside world. Do I have to use a seperate real world IP address for each of these machines and statically map them? Please advise.
If you've got eight routable IPs to use, you can do a one-for-one static binding. But if your servers should each be accessed on a different port(s) from the outside, you can use port redirection, which would let you bind all eight servers to one routable IP. In effect, the distinction between servers is made at Layer 4 (rather than 3). You'll need image 6.0 or later. Check out http://www.cisco.com/warp/public/707/28.html#port for the details.
The first statement governs traffic flowing from your outside interface to your inside interface. If traffic will be flowing from your DMZ to your inside interface, then you'll need to setup a static (inside,dmz) binding. Be sure to create the appropriate access list or conduit, since the PIX doesn't pass traffic from a lower security interface to a higher one unless you tell it to.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
