Static Many to One Rules

koaps
Level 1

I'm trying to do something like this:

static (dmz,outside) udp 100.1.1.60 9000 192.168.1.4 9000 netmask 255.255.255.255 0 0

static (dmz,outside) udp 100.1.1.61 9000 192.168.1.4 9000 netmask 255.255.255.255 0 0

static (dmz,outside) udp 100.1.1.62 9000 192.168.1.4 9000 netmask 255.255.255.255 0 0

static (dmz,outside) udp 100.1.1.63 9000 192.168.1.4 9000 netmask 255.255.255.255 0 0

static (dmz,outside) 100.1.1.60 192.168.0.4 netmask 255.255.255.255 0 0

On a PIX 520 with IOS 6.3, I get errors about duplicate entries. Is there any way around that? Or another method to establish that relationship? (Using a router too, maybe?)

2 Replies

mostiguy
Level 6

A pix is not a load balancer. It sounds like you are trying to make it one. Why do you want to have multiple statics in that configuration?

It has something to do with the way my company does destination port discovery. We use source ports to control how our client software acts and how it finds our servers, making firewall administration on the client end very easy. We want multiple outside IPs open for listening only, ideally. The reply traffic will be coming from another IP (the static map for the server).

We want multiple IPs open, but there is only one server, and thus only one internal IP. We are currently doing this relationship with an iptables firewall, but wish to move over to our PIX 520.

I was thinking about maybe trying to use a 2621 router I have to intercept the packets and reroute them to internal.

Main thing for us is to keep the port information from the client intact and not changed by the PIX, so we know the ports opened by the client, since they will probably be NAT'd in the first place.

Any ideas would be helpful, I really don't want to run two firewalls.

Thanks