09-13-2006 05:53 AM - edited 02-21-2020 01:10 AM
Hi,
I have 1 pub interface on my PIX and one on our webserver. I want to map 2 hostnames from our ISP (e.g. www.domain.com to https and backup.domain.com to port 8080). Is this possible? I can't seem to find any docs on this.
Thanks,
Geoff
09-13-2006 06:49 AM
Hi,
Are you trying to map one (1) public IP to two (2) internal IPs?
You can use a feature called port redirection. It allows hosts on a lower security interface to connect to a particular IP address and port and to have the PIX Firewall redirect the traffic to the appropriate server on a higher security interface.
The shared address can be a unique address, a shared outbound PAT address, or an address shared with the external interface. To implement port redirection, use the following commands:
access-list outside permit tcp any host xx.xx.xx.5 eq https
access-list outside permit tcp any host xx.xx.xx.5 eq 8080
static (inside,outside) tcp xx.xx.xx.5 https 10.1.1.6 https netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.5 8080 10.1.1.3 8080 netmask 255.255.255.255
access-group outside in interface outside
Rgds,
AK
09-13-2006 07:11 AM
Thanks for the quick response! I am trying to go from 1 external IP to 1 internal IP with different ports:
Using your example below, but the internal IP is the same. Possible?
static (inside,outside) tcp xx.xx.xx.5 https 10.1.1.6 https netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.5 8080 10.1.1.6 8080 netmask 255.255.255.255
Thanks again,
Geoff
09-13-2006 05:27 PM
If your destination points to the same server/host to 2 different service ports (TCP/UDP) but on the same application, i.e. web server services, then I think there'll be some issue as you can't run 2 x HTTP services in the same server, just like running 2 x FTP server applications in one box.
Normally, for an HTTP application for example, you can always point to the same IP or hostname with different services or ports, not 2 different IPs. What I mean is:
http://www.testing.com --> using standard TCP-www port
https://www.testing.com --> using TCP-443 port
You use port redirection if you need to use 1 (one) public IP to access 2 different IPs/hosts running same or different services with different port (TCP/UDP) numbers.
In your case, I would say it is not possible, unless your server (with OS feature?) allows it. Perhaps you can achieve it if your server has 2 different IP addresses, as this allows you to point/access it via 2 different port services (http and https).
Pls rate helpful post.
Rgds,
AK
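Added example, not part of the thread: a small Python audit for the port-redirection commands posted above, which pairs every `static` port forward with the `access-list` permit that exposes it and reports forwards with no permit and permits with nothing behind them. The sample config is constructed (192.0.2.5 stands in for the masked xx.xx.xx.5, and the smtp and port 21 lines are invented to trigger findings); the function names are hypothetical, and only the two command shapes shown in the thread are parsed.

```python
import re

# Constructed sample: the thread's commands with 192.0.2.5 standing in for the
# masked public address, plus one stale permit (21) and one unpermitted static.
SAMPLE_CONFIG = """\
access-list outside permit tcp any host 192.0.2.5 eq https
access-list outside permit tcp any host 192.0.2.5 eq 8080
access-list outside permit tcp any host 192.0.2.5 eq 21
static (inside,outside) tcp 192.0.2.5 https 10.1.1.6 https netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.5 8080 10.1.1.6 8080 netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.5 smtp 10.1.1.7 smtp netmask 255.255.255.255
access-group outside in interface outside
"""

# Port keywords used in place of numbers (subset; others raise ValueError).
PORT_NAMES = {"www": 80, "https": 443, "smtp": 25, "ftp": 21}
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)$")
STATIC_RE = re.compile(
    r"^static \(([^,]+),([^)]+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask \S+$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit(config):
    permits, forwards, bound = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            permits.setdefault(m[1], set()).add((m[2], m[3], port(m[4])))
        elif m := STATIC_RE.match(line):
            # key: what the outside interface sees; value: the real host and port
            forwards[(m[2], m[3], m[4], port(m[5]))] = (m[6], port(m[7]))
        elif m := GROUP_RE.match(line):
            bound[m[2]] = m[1]  # interface -> ACL applied inbound
    findings = []
    for (iface, proto, ip, p), (host, hp) in sorted(forwards.items()):
        allowed = permits.get(bound.get(iface), set())
        if (proto, ip, p) not in allowed:
            findings.append(f"static {ip}:{p}->{host}:{hp} has no permit on {iface}")
    for iface, acl in sorted(bound.items()):
        mapped = {(pr, ip, p) for (i, pr, ip, p) in forwards if i == iface}
        for proto, ip, p in sorted(permits.get(acl, set()) - mapped):
            findings.append(f"permit {proto} {ip}:{p} on {iface} has no static behind it")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

With only the https and 8080 lines present, both pointing at 10.1.1.6 as in Geoff's variant, the audit returns no findings.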