Re: PIX bind to two IP's

lgelinas · ‎01-06-2003

Can I bind my pix 515 to multiple Outside IP's? I want to use port 80 to get to my web server on one external IP and port 80 on a different IP to another internal server. If yes Then how ... (programming humour intended)

Thanks

L.Gelinas

lgelinas@healthspace.ca

gfullage · ‎01-06-2003

Sure, just use port redirection with your statics.

> static (inside,outside) tcp 200.1.1.1 80 10.1.1.1 80 netmask 255.255.255.0

> static (inside,outside) tcp 200.1.1.2 80 10.1.1.2 80 netmask 255.255.255.0

> access-list inbound permit tcp any host 200.1.1.1 eq www

> access-list inbound permit tcp any host 200.1.1.2 eq www

> access-group inbound in interface outside

where 200.1.1.1 and 200.1.1.2 are the two external IP addresses, and 10.1.1.1 and 10.1.1.2 are the two internal hosts that they map to. You'll obviously have to get these external addresses assigned to you by your ISP and have them routed to your PIX.

Keep in mind that you can't do something like:

> static (inside,outside) tcp 200.1.1.1 80 10.1.1.1 80 netmask 255.255.255.0

> static (inside,outside) tcp 200.1.1.2 80 10.1.1.1 80 netmask 255.255.255.0

where two outside addresses are mapped to one internal address (or vice versa), but as long as each port redirection (for the same port number) goes to a different host then you'll be OK.

gfullage · ‎01-07-2003

Whoops, just noticed my netmasks on the static commands I suggested are wrong. They should be 255.255.255.255, not 255.255.255.0 as I wrote.

lgelinas · ‎01-08-2003

I got the jist! thanks