Re: mapping 1 public ip to two local ip

ackyean · ‎12-16-2004

Hi,

I am using Pix 515e ver 6.2(2). Is it possible to map a public IP to two local IPs. Secondly, the two local IPs will listen to different port number.

|--->Local IP_1 (tcp 80)

515e -----------|

Public IP |--->Local IP_2 (tcp 139)

static (inside,outside) 1.1.1.1 172.16.1.1 netmask 255.255.255.255 0 0

static (inside,outside) 1.1.1.1 172.16.1.2 netmask 255.255.255.255 0 0

conduit permit tcp host 1.1.1.1 eq 80 any

conduit permit tcp host 1.1.1.1 eq 139 any

Can the command above work? Else, is there any examples I can refer to?

Thanks.

johnny_br · ‎12-16-2004

It won't. If you want to map two different ports with a singe ip, you can do the following:

static (inside,outside) tcp w.x.y.z 80 172.16.1.1 80 netmask 255.255.255.255

static (inside,outside) tcp w.x.y.z 139 172.16.1.2 139 netmask 255.255.255.255

Your conduit statements are correct, but forget about using conduit (and I am sure you'll hear this over and over again). They've been replaced by access-list/access-group.

access-list acl_out permit tcp any host w.x.y.z eq 80

access-list acl_out permit tcp any host w.x.y.z eq 139

access-group acl_out in interface outside

I hope this helps.

ackyean · ‎12-16-2004

Thanks a million