
Inbound and Outbound Addresses

jgatsondoc
Level 1

We are using static IP addresses and tried to change the inbound address, but were unable to because it is on the same network as the outbound address. Is there a workaround for this? We can get to the PIX firewall, but not to the internet. We are not using DHCP on any interface. Please help!!!

5 Replies

sachinraja
Level 9

You cannot have 2 interfaces of the PIX on the same subnet. You need to have 2 different networks for this. Is the outbound connecting to a router? If so, have a different network and do a NAT either on the PIX or on the router.

Let me know.

Raj
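
The same-subnet restriction described in the reply above can be checked offline before a change is attempted. This is an added example, not part of the original thread; it assumes PIX 6.x style `ip address <if_name> <ip> <mask>` lines, and the addresses in the sample are constructed.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: the inside /25 sits within the outside /24.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 192.168.1.2 255.255.255.0
ip address inside 192.168.1.129 255.255.255.128
"""

IP_LINE = re.compile(r"ip address (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")

def interface_networks(config):
    """Map each interface name to the network implied by its address and mask."""
    nets = {}
    for line in map(str.strip, config.splitlines()):
        if m := IP_LINE.match(line):
            name, addr, mask = m.groups()
            nets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
    return nets

def overlapping_interfaces(config):
    """Return interface pairs whose networks overlap, including unequal masks."""
    nets = interface_networks(config)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

if __name__ == "__main__":
    for a, b in overlapping_interfaces(SAMPLE_CONFIG):
        print(f"{a} and {b} are on overlapping subnets")
```
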

1.) If I understand right, what you want to do is permit an inbound connection, for example http or smtp, to an internal host with your outside IP (public).

Yes this is possible and called port forwarding.

example Port forwarding with one public IP:

example NAT for ftp:

access-list acl_out permit tcp any host YourPublicIP eq ftp

static (inside,outside) tcp YourPublicIP ftp LocalIP ftp netmask 255.255.255.255 0 0

or

access-list acl_out permit tcp any interface outside eq http

access-group acl_out in interface outside

static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0

2.) If you have another public IP than the outside IP, then you NAT to the internal host. This is called NAT - network address translation.

example NAT for ftp:

access-list acl_out permit tcp any host YourPublicIP eq ftp

static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0

See: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#wp1090663

Please provide a more detailed example if that did not answer your question.

sincerely

Patrick

1.) If I understand right what you want to do is: Permit an inbound connection for example http or smtp to an internal host with your outside interface IP (public).

Yes this is possible and called port forwarding.

example Port forwarding with one public IP:

example NAT for ftp:

access-list acl_out permit tcp any host YourPublicIP eq ftp

static (inside,outside) tcp YourPublicIP ftp LocalIP ftp netmask 255.255.255.255 0 0

or

access-list acl_out permit tcp any interface outside eq http

access-group acl_out in interface outside

static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0

2.) If you have another public IP than the outside IP, then you NAT to the internal host. This is called NAT - network address translation.

example NAT for ftp:

access-list acl_out permit tcp any host YourPublicIP eq ftp

static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0

See: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#wp1090663

Please provide a more detailed example if that did not answer your question.

sincerely

Patrick
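
A port redirect only passes traffic when a matching `permit` exists in an access list that is bound to the interface with `access-group`. The following is an added example, not part of the original replies, that audits a configuration for redirects lacking such a permit. The addresses 203.0.113.5 and 192.168.1.20 stand in for YourPublicIP and LocalIP, the smtp redirect is constructed, and only the command forms shown in the thread are parsed.

```python
import re

# Constructed sample: the reply's port-forwarding lines plus one extra redirect.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 203.0.113.5 eq ftp
static (inside,outside) tcp 203.0.113.5 ftp 192.168.1.20 ftp netmask 255.255.255.255 0 0
access-list acl_out permit tcp any interface outside eq http
access-group acl_out in interface outside
static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.11 smtp netmask 255.255.255.255 0 0
"""

PORTS = {"ftp": 21, "smtp": 25, "http": 80, "www": 80}  # only the names used here
STATIC = re.compile(r"static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) \S+")
PERMIT = re.compile(
    r"access-list (\S+) permit (tcp|udp) any (?:host (\S+)|interface (\S+)) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")

def port(token):
    """Accept a service name or a port number."""
    return PORTS.get(token) or int(token)

def unreachable_forwards(config):
    """Port redirects with no permit in an ACL bound inbound to their global interface."""
    statics, permits, bound = [], set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            _, global_if, proto, gaddr, gport, laddr = m.groups()
            dest = f"interface:{global_if}" if gaddr == "interface" else gaddr
            statics.append((global_if, proto, dest, port(gport), laddr))
        elif m := PERMIT.match(line):
            acl, proto, host, ifname, dport = m.groups()
            permits.add((acl, proto, host or f"interface:{ifname}", port(dport)))
        elif m := GROUP.match(line):
            bound.add(m.groups())  # (acl name, interface name)
    acls_on = lambda ifname: {acl for acl, i in bound if i == ifname}
    return [(proto, dest, dport, laddr)
            for global_if, proto, dest, dport, laddr in statics
            if not any((acl, proto, dest, dport) in permits for acl in acls_on(global_if))]

if __name__ == "__main__":
    for finding in unreachable_forwards(SAMPLE_CONFIG):
        print("no bound permit for", finding)
```

Removing the `access-group` line from the sample makes every redirect show up as a finding, since the permits then sit in an access list that is attached to no interface.
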