PIX 501 with private IP

jdrose_2 · ‎12-13-2005

Hello,

We are using a PIX 501 behind a DSL modem. We have a single public IP address assigned to the outside interface of the modem, a single private IP address on the inside interface of the modem and a single private IP on the outside interface of the PIX. How can we route traffic (smtp / remote desktop (tcp 3389))pointed to the public IP (outside interface of the modem) to a system on the private subnet on the inside interface of the PIX?

Example: DSL modem outside: 207.154.14.xxx

DSL modem inside: 192.168.0.1

PIX outside: 192.168.0.2 (gateway 192.168.0.1)

PIX inside: 192.168.1.1

We want to route smtp / terminal services directed to 207.154.14.xxx to server 192.168.1.10. Thanks.

nkhawaja · ‎12-13-2005

What DSL modem is it. Is it a DSL router? I think it should have the NAT/PAT capability. you need to first configure it to redirect the particular traffic towards pix.

then configure pix for static translations and access-lists

jdrose_2 · ‎12-14-2005

Thanks - it is a DSL modem, ActionTec 1524. All I can do on it is turn NAT off. I have set port forwarding on it to pass both port 25 and 3389 to the outside address of the PIX (192.168.0.2) and set the access-list in the PIX to allow those ports to pass to the server (192.168.1.10), do I need to set up a static route from 192.168.0.2 (outside PIX) to 192.168.1.10 (Server)?

dabhatta · ‎12-14-2005

Assuming you want to remote-desktop TO the inside pc (192.168.1.10) FROM an internet address, you would need to NAT the inside pc to a static global IP address.(seperate from DSL modem's external IP or PAT to specific port using the DSL modem extrenal IP)

When you access internet from your internal pc's (192.168.1.0/24) the source address is your DSL modem external IP, becuase of NAT. The return traffic is hence translated to the original private ip and forwarded to internal pc's.