04-18-2005 11:21 AM - edited 03-09-2019 10:59 AM
We are using static IP addresses and tried to change the inbound address, but were unable to because it is on the same network as the outbound address. Is there a workaround for this? We can get to the PIX firewall, but not to the internet. We are not using DHCP on any interface. Please help!!!
04-18-2005 11:29 AM
You cannot have 2 interfaces of the PIX on the same subnet. You need to have 2 different networks for this. Is the outbound connecting to a router? If so, have a different network and do a NAT either on the PIX or on the router.
Let me know.
Raj
04-19-2005 05:07 AM
1.) If I understand right, what you want to do is permit an inbound connection, for example http or smtp, to an internal host with your outside IP (public).
Yes, this is possible and is called port forwarding.
Example: port forwarding with one public IP:
example NAT for ftp:
access-list acl_out permit tcp any host YourPublicIP eq ftp
static (inside,outside) tcp YourPublicIP ftp LocalIP ftp netmask 255.255.255.255 0 0
or
access-list acl_out permit tcp any interface outside eq http
access-group acl_out in interface outside
static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0
2.) If you have another public IP than the outside IP, then you NAT to the internal host; this is called NAT (network address translation).
example NAT for ftp:
access-list acl_out permit tcp any host YourPublicIP eq ftp
static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0
Please provide a more detailed example if that did not answer your question.
Sincerely,
Patrick
04-19-2005 05:19 AM
1.) If I understand right, what you want to do is: permit an inbound connection, for example http or smtp, to an internal host with your outside interface IP (public).
Yes, this is possible and is called port forwarding.
Example: port forwarding with one public IP:
example NAT for ftp:
access-list acl_out permit tcp any host YourPublicIP eq ftp
static (inside,outside) tcp YourPublicIP ftp LocalIP ftp netmask 255.255.255.255 0 0
or
access-list acl_out permit tcp any interface outside eq http
access-group acl_out in interface outside
static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0
2.) If you have another public IP than the outside IP, then you NAT to the internal host; this is called NAT (network address translation).
example NAT for ftp:
access-list acl_out permit tcp any host YourPublicIP eq ftp
static (inside,outside) YourPublicIP LocalIP netmask 255.255.255.255 0 0
Please provide a more detailed example if that did not answer your question.
Sincerely,
Patrick
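
Added example, not part of any post in this thread: a small Python audit over a PIX 6.x-style configuration that flags the two conditions discussed above, interfaces on overlapping subnets and static port forwards that have no matching permit in an ACL bound to the outside interface. The sample configuration, its addresses and the function names are constructed for illustration; it only handles `permit tcp any ... eq <port>` entries and compares port names as written.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax; all addresses are placeholders.
SAMPLE = """\
ip address outside 192.0.2.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
access-list acl_out permit tcp any interface outside eq http
access-list acl_out permit tcp any host 192.0.2.10 eq ftp
access-group acl_out in interface outside
static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.0.2.10 ftp 192.168.1.20 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.0.2.10 smtp 192.168.1.30 smtp netmask 255.255.255.255 0 0
"""

def overlapping_interfaces(config):
    """Return pairs of interface names whose configured subnets overlap."""
    nets = [(name, ipaddress.ip_network(f"{ip}/{mask}", strict=False))
            for name, ip, mask in
            re.findall(r"^ip address (\S+) (\S+) (\S+)$", config, re.M)]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def unreachable_forwards(config, iface="outside"):
    """Return (public address, port) forwards with no permit in an ACL bound to iface."""
    # Only ACLs applied with access-group actually filter inbound traffic.
    bound = set(re.findall(rf"^access-group (\S+) in interface {iface}$", config, re.M))
    permitted = set()
    for acl, dst, port in re.findall(
            r"^access-list (\S+) permit tcp any (host \S+|interface \S+) eq (\S+)$",
            config, re.M):
        if acl in bound:
            target = dst.split()[1] if dst.startswith("host ") else "interface"
            permitted.add((target, port))
    # Port-forward statics: "static (real,mapped) tcp <public> <port> <local> <port> ..."
    forwards = re.findall(rf"^static \(\S+,{iface}\) tcp (\S+) (\S+) \S+ \S+ netmask",
                          config, re.M)
    return [fwd for fwd in forwards if fwd not in permitted]

if __name__ == "__main__":
    print("overlapping interfaces:", overlapping_interfaces(SAMPLE))
    print("forwards without a bound permit:", unreachable_forwards(SAMPLE))
```
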