Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
284
Views
0
Helpful
1
Replies

Pix-Firewall IP static connections

avvenk
Level 1
Level 1

‎03-16-2005 06:29 AM - edited ‎02-21-2020 12:01 AM

Hi,

On PIX-Firewall 515E, I need to identify internal SMTP Servers IP (192.168.168.7 on DMZ and 192.168.5.29 on Inside) like public IP 217.220.28.164 on Outside.

Having already PAT configured on:

global (outside) 1 interface

global (dmz) 1 interface

nat (inside) 1 192.168.0.0 255.255.0.0 0 0

nat (dmz) 1 192.168.168.0 255.255.255.0 0 0

where outside interface is IP 217.220.28.161 /27

and dmz interface is IP 192.168.168.1 /24

I have configured:

static (inside,outside) tcp 217.220.28.164 smtp 192.168.5.29 smtp netmask 255.255.255.255

static (dmz,outside) tcp 217.220.28.164 smtp 192.168.168.7 smtp netmask 255.255.255.255

access-list outside permit tcp any host 217.220.28.164 eq www

access-group outside in interface outside

.

After a "clear xlate" I see that from external (outside) the two inside/dmz servers IP are .161, yet.

Can I map two or more internal IP servers with the same public IP ? Is my configuration correct ?

Best Regards, Luca

0 Helpful
1 Reply 1

Patrick Iseli
Level 7
Level 7

‎03-16-2005 09:11 AM

No you cannot Port Forward twice the same port (smtp) on two diffrent destinations.

By the way you also need to add a line into the access-list so that SMTP will be permited to the DMZ od the inside interface.

access-list outside permit tcp any host 217.220.28.164 eq smtp

To do that you need two diffrent public IP's.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card