Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
564
Views
0
Helpful
4
Replies

Pix VPN & Port forwarding

Go to solution
mattias
Level 1
Level 1

‎01-04-2007 02:29 AM - edited ‎02-21-2020 02:47 PM

Hi!

I have installed a Pix latest 6.x version and have some questions. Is there a way to have several ipadresses on outside interface? I want to bind diffrent rules to/from ipadresses. For example www should point to a inside server ip. Also a VPN solution should work.

Outside ip from ISP should be aaa.bbb.ccc.82 and a get VPN to work.

I now need a way to allow outside aaa.bbb.ccc.90 adress to accept ISP webserver. Is there a way to get outside interface to answar both aaa.bbb.ccc.82 and 90 adress? If so i think i can work out a config.

Kr

Mattias

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
rselmecz
Level 1
Level 1

‎01-06-2007 02:02 PM

Hi Mattias,

If I got well the IP aaa.bbb.ccc.82 is the physical IP of the PIX and th IP aaa.bbb.ccc.90 should be an outside IP of a server behind the PIX.

In this case you'll only need th create a static entry in the PIX to answer these queries, like this ( assuming that the ouside and the inside interfaces named "ouside" and "inside" and the server's inside IP is xx.yy.zz.90 ) :

static(inside,outside) aaa.bbb.ccc.90 xx.yy.zz.90 netmask 255.255.255.255

Please let me know if not this is the situation.

Regards,

// Roland

View solution in original post

0 Helpful

Go to solution
5220
Level 4
Level 4
In response to rselmecz

‎01-07-2007 12:11 PM

Mattias,

The way to do it is create static on specific port for the web traffic, ie:

static (inside,outside) tcp www www netmask 255.255.255.255

For the rest of the users you can keep the NAT or a general static.

Please rate if this helped.

Regards,

Daniel

View solution in original post

0 Helpful
4 Replies 4

Go to solution
rselmecz
Level 1
Level 1

‎01-06-2007 02:02 PM

Hi Mattias,

If I got well the IP aaa.bbb.ccc.82 is the physical IP of the PIX and th IP aaa.bbb.ccc.90 should be an outside IP of a server behind the PIX.

In this case you'll only need th create a static entry in the PIX to answer these queries, like this ( assuming that the ouside and the inside interfaces named "ouside" and "inside" and the server's inside IP is xx.yy.zz.90 ) :

static(inside,outside) aaa.bbb.ccc.90 xx.yy.zz.90 netmask 255.255.255.255

Please let me know if not this is the situation.

Regards,

// Roland

0 Helpful

Go to solution
5220
Level 4
Level 4
In response to rselmecz

‎01-07-2007 12:11 PM

Mattias,

The way to do it is create static on specific port for the web traffic, ie:

static (inside,outside) tcp www www netmask 255.255.255.255

For the rest of the users you can keep the NAT or a general static.

Please rate if this helped.

Regards,

Daniel

0 Helpful

Go to solution
mattias
Level 1
Level 1
In response to 5220

‎01-17-2007 03:15 AM

Ok it?s working fine now except that the users on inside pix complain about unsteady connection to internet. I?m thinking about speed and duplex. Current is 10BaseT. They have 2 m/bit line i think. Can i use any other command on the interface to make it more stabel?

Kr

Mattias

0 Helpful

Go to solution
m.sir
Level 7
Level 7
In response to mattias

‎01-17-2007 05:44 AM

You can verify if there are some errors on interface

with command

show interface e0

You should check counters (CRC, late collision) for errors

M.

0 Helpful
Customers Also Viewed These Support Documents