02-25-2008 05:31 AM - edited 03-11-2019 05:08 AM
Hi,
Right, the setup is a PIX 501 with one outside IP. Let's say 213.213.213.213.
What needs to be done is to allow an external company access (on IP 10.10.10.10) to 3 computers (192.168.1.1-192.168.1.3) on port 80, for remote access.
Now as far as I know I can only allow access from this external ip address to 1 of the computers as I only have one external IP (the firewall interface) and therefore only one port 80. As in these three lines of config:
access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq www
static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255 0 0
access-group services in interface outside
In conclusion there is no way I can allow access to the other two internal ips 192.168.1.2 or .3 from the external company ip 10.10.10.10.
All I need to know is if I am incorrect or if there is another way round it without more external IPs.
Many thanks for reading,
Daniel.
02-25-2008 05:38 AM
You are correct unless you use ports other than 80 for the other 2 servers like this...
static (inside,outside) tcp interface 8080 192.168.1.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8081 192.168.1.3 www netmask 255.255.255.255 0 0
02-25-2008 05:49 AM
Thanks for the help guys. Just to summarise:
I have now got three entries:
static (inside,outside) tcp interface www 192.168.2.101 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 81 192.168.2.102 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 82 192.168.2.103 www netmask 255.255.255.255 0 0
The remote company should now be able to access all three. Just for info they are using gotomypc.
Thanks Again.
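An added example, not part of the original posts: on a PIX with this syntax the ACL bound to the outside interface is matched against the outside (mapped) port, so each forwarded port needs its own permit, ideally limited to the partner's source address. The Python check below reads a config and reports forwards that have no permit or that are open to any source; the `audit` function, the port-name table and the sample config (the ACL from the first post combined with the three statics above) are constructed for illustration.

```python
import re

# Constructed sample: ACL from the first post plus the three static entries
# from the summary post. Addresses are the ones used in the thread.
SAMPLE_CONFIG = """\
access-list services permit tcp host 10.10.10.10 host 213.213.213.213 eq www
static (inside,outside) tcp interface www 192.168.2.101 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 81 192.168.2.102 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 82 192.168.2.103 www netmask 255.255.255.255 0 0
access-group services in interface outside
"""

PORT_NAMES = {"www": 80, "https": 443, "ftp": 21, "smtp": 25}  # subset of port keywords

STATIC_RE = re.compile(r"^static \(inside,outside\) tcp interface (\S+) (\S+) \S+")
# Simplification (assumption): only "permit tcp <src> <dst> eq <port>" entries are
# parsed, and the destination is not compared with the interface address.
ACL_RE = re.compile(r"^access-list (\S+) permit tcp (any|host \S+) (?:any|host \S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")

def port(tok):
    """Turn a port keyword or number into an int."""
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]

def audit(config):
    """Return (finding, outside_port, inside_host) for each risky or dead forward."""
    lines = [l.strip() for l in config.splitlines()]
    bound = {m.group(1) for l in lines if (m := GROUP_RE.match(l))}
    permits = {}  # outside port -> set of permitted sources
    for l in lines:
        m = ACL_RE.match(l)
        if m and m.group(1) in bound:
            permits.setdefault(port(m.group(3)), set()).add(m.group(2))
    findings = []
    for l in lines:
        m = STATIC_RE.match(l)
        if not m:
            continue
        outside_port, inside_host = port(m.group(1)), m.group(2)
        sources = permits.get(outside_port)
        if not sources:
            findings.append(("no-permit", outside_port, inside_host))  # forward is unreachable
        elif "any" in sources:
            findings.append(("any-source", outside_port, inside_host))  # open to the Internet
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```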
02-25-2008 05:41 AM
Hi Daniel
You are correct. The only way round this is if you could run the web service on 3 different ports so that you could set up 3 different static entries for it, i.e.
static (inside,outside) tcp interface www 192.168.1.1 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 81 192.168.1.1 81 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 82 192.168.1.1 82 netmask 255.255.255.255 0 0
Then the users at the other end would connect as
Jon