PIX: map same pub ip address to 2 different ports?

trailman73
Level 4

Hi,

I have 1 pub interface on my PIX and one on our webserver. I want to map 2 hostnames from our ISP (e.g. www.domain.com to https and backup.domain.com to port 8080). Is this possible? I can't seem to find any docs on this.

Thanks,

Geoff

3 Replies

a.kiprawih
Level 7

Hi,

Are you trying to map one (1) public IP to two (2) internal IP?

You can use a feature called port redirection. It allows hosts on a lower security interface to connect to a particular IP address and port and to have the PIX Firewall redirect the traffic to the appropriate server on a higher security interface.

The shared address can be a unique address, a shared outbound PAT address, or an address shared with the external interface. To implement port redirection, use the following command:

access-list outside permit tcp any host xx.xx.xx.5 eq https
access-list outside permit tcp any host xx.xx.xx.5 eq 8080
static (inside,outside) tcp xx.xx.xx.5 https 10.1.1.6 https netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.5 8080 10.1.1.3 8080 netmask 255.255.255.255
access-group outside in interface outside

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#wp1090663

Rgds,

AK
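As an added example (not part of the thread, and not Cisco's code), the small audit script below parses PIX 6.x-style `static`, `access-list` and `access-group` lines of the kind shown in the reply above and performs the two checks a practitioner would want before committing port redirection: that no global ip:port pair is translated twice (the PIX rejects such a static as overlapping, and it is the classic mistake when several hostnames share one public address), and that every translated port is actually permitted by the ACL bound inbound on the mapped interface (a `static` with no matching permit is silently unreachable). The sample configuration is constructed for the example; it uses the documentation address 203.0.113.5 in place of xx.xx.xx.5, deliberately includes one duplicated 8080 mapping and one ftp static with no ACL so that both checks fire, and the service-name table only covers the names used here.

```python
import re
from collections import defaultdict

# Constructed sample config modelled on the commands in the reply above.
# Not a real device dump: it adds a colliding 8080 static and an ftp static
# without an ACL so that both audit checks have something to report.
SAMPLE_CONFIG = """\
access-list outside permit tcp any host 203.0.113.5 eq https
access-list outside permit tcp any host 203.0.113.5 eq 8080
static (inside,outside) tcp 203.0.113.5 https 10.1.1.6 https netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 8080 10.1.1.6 8080 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 8080 10.1.1.3 8080 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 ftp 10.1.1.7 ftp netmask 255.255.255.255
access-group outside in interface outside
"""

# The PIX accepts a few well-known service names in place of numbers.
# Only the names used in the sample are mapped (assumption of this example).
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ftp": 21,
              "ssh": 22, "smtp": 25, "telnet": 23}

# static (real_ifc,mapped_ifc) tcp|udp global_ip global_port local_ip local_port ...
STATIC_RE = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
# access-list NAME permit tcp|udp SRC host DST eq PORT
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+(\S+)\s+host\s+(\S+)\s+eq\s+(\S+)")
# access-group NAME in interface IFC
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def port_number(token):
    """Resolve a numeric port or a PIX service name; unknown names fail loudly."""
    if token.isdigit():
        return int(token)
    return PORT_NAMES[token.lower()]


def parse_config(text):
    """Return (statics, acls, groups) where groups maps interface -> inbound ACL name."""
    statics, acls, groups = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            real, mapped, proto, gip, gport, lip, lport = m.groups()
            statics.append({"real": real, "mapped": mapped, "proto": proto,
                            "gip": gip, "gport": port_number(gport),
                            "lip": lip, "lport": port_number(lport)})
            continue
        m = ACL_RE.match(line)
        if m:
            name, proto, src, dst, port = m.groups()
            acls.append({"name": name, "proto": proto, "src": src,
                         "dst": dst, "port": port_number(port)})
            continue
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(2)] = m.group(1)
    return statics, acls, groups


def audit(text):
    """Return a list of findings: overlapping statics and statics with no permitting ACL."""
    statics, acls, groups = parse_config(text)
    findings = []

    # Check 1: the same global proto/ip/port translated more than once.
    by_global = defaultdict(list)
    for s in statics:
        by_global[(s["proto"], s["gip"], s["gport"])].append(s)
    for (proto, gip, gport), entries in by_global.items():
        if len(entries) > 1:
            targets = ", ".join(f'{e["lip"]}:{e["lport"]}' for e in entries)
            findings.append(
                f"COLLISION {proto} {gip}:{gport} is mapped to {targets}; "
                f"the PIX rejects overlapping statics")

    # Check 2: every exposed port must be permitted by the ACL bound inbound
    # on the mapped (lower-security) interface, otherwise it is unreachable.
    for s in statics:
        acl_name = groups.get(s["mapped"])
        permitted = any(a["name"] == acl_name and a["proto"] == s["proto"]
                        and a["dst"] == s["gip"] and a["port"] == s["gport"]
                        for a in acls)
        if not permitted:
            findings.append(
                f'NO-ACL {s["proto"]} {s["gip"]}:{s["gport"]} -> '
                f'{s["lip"]}:{s["lport"]} is translated but not permitted '
                f'by the inbound ACL on {s["mapped"]}')
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Two separate statics that map the same global address to different ports, even when both point at the same inside host, produce distinct keys in the collision check, so the script treats them as independent translations; only an identical proto/ip/port pair is flagged. Running it on the sample prints one COLLISION line for 203.0.113.5:8080 and one NO-ACL line for the ftp static.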

Thanks for the quick response! I am trying to go from 1 external IP to 1 internal IP with different ports:

Using your example below, but the internal ip is the same. possible?

static (inside,outside) tcp xx.xx.xx.5 https 10.1.1.6 https netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.5 8080 10.1.1.6 8080 netmask 255.255.255.255

Thanks again,

Geoff

If your destination points to the same server/host on 2 different service ports (TCP/UDP) but for the same application, i.e. web server services, then I think there'll be an issue, as you can't run 2 x HTTP services on the same server, just like running 2 x FTP server applications on one box.

Normally, for an HTTP application for example, you can always point to the same IP or hostname with different services or ports, not 2 different IPs. What I mean is:

http://www.testing.com --> using standard TCP-www port

https://www.testing.com --> using TCP-443 port

You use port redirection if you need to use 1 (one) public IP to access 2 different IPs/hosts running the same or different services with different port (TCP/UDP) numbers.

In your case, I would say it is not possible, unless your server (an OS feature?) allows it. Perhaps you can achieve it if your server has 2 different IP addresses, as this allows you to point to/access it via 2 different port services (http and https).

Please rate helpful posts.

Rgds,

AK
