Multiple Public IP Addresses NAT PIX515E
16 years 5 months ago #26397
by ciscos
Multiple Public IP Addresses NAT PIX515E was created by ciscos
Dear Experts,
I'm stuck with a PIX515E configuration (IOS 8.03). I have 8 static public IP addresses from my ISP and I'm trying to NAT them.
Public ips: 78.112.65.160/28 (WAN)
Private ips: 10.0.0.1/28 (LAN)
70.112.65.160 -> 10.0.0.2 (web server)
70.112.65.161 -> 10.0.0.3 (ftp server)
70.112.65.162 -> 10.0.0.4 (ns1 server)
70.112.65.163 -> 10.0.0.5 (ns2 server)
70.112.65.164 -> 10.0.0.6 (mail server)
My network looks like this:
ROUTER (in bridge mode) -> PIX (8.03) -> SWITCH (2950)
78.112.65.160/28 -> 78.112.65.161 (outside) PIX 10.0.0.1 (inside) -> 2950 -> 10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5,10.0.0.6
Thank you
16 years 5 months ago #26403
by ikon
Replied by ikon on topic Re: Multiple Public IP Addresses NAT PIX515E
Hi
Your router address is 160 so you can use this address to NAT.
Your PIX is 161 so you will not be able to use this address either.
You need static NAT entries and an ACL for their traffic flow.
May I suggest:
static (inside,outside) tcp 78.112.65.162 www 10.0.0.2 www netmask 255.255.255.255
static (inside,outside) tcp 78.112.65.162 ftp 10.0.0.3 ftp netmask 255.255.255.255
static (inside,outside) udp 78.112.65.162 53 10.0.0.4 53 netmask 255.255.255.255
static (inside,outside) udp 78.112.65.163 53 10.0.0.5 53 netmask 255.255.255.255
static (inside,outside) tcp 78.112.65.162 smtp 10.0.0.6 smtp netmask 255.255.255.255
You will need ACLs for each as well, for example:
access-list outside-in permit tcp any host 78.112.65.162 eq smtp
If you do want to make use of all your IPs then change the static NAT lines.
Hope this helps.
16 years 5 months ago #26407
by ciscos
Replied by ciscos on topic Re: Multiple Public IP Addresses NAT PIX515E
The router is in bridge mode, which means it doesn't route IP addresses, it just establishes the DSL connection. OK, you can assign only one IP on the outside interface (PIX) with a public IP; how about the rest of the public IPs? How can they be used without a router?
ROUTER (BRIDGE MODE) -> PIX -> LAN
Thanks
16 years 5 months ago #26421
by ikon
Replied by ikon on topic Re: Multiple Public IP Addresses NAT PIX515E
The bridge should forward all traffic to the PIX in any case; the bridge will only see layer 2 traffic and forward that traffic out of all its ports except the port it came from.
If you have the static commands set and the correct ACLs in place on the PIX, then the PIX will respond to the traffic from the bridge; the PIX will act as your router/NAT device and determine what traffic goes where.
It's very much like router mode where you will set the router's WAN interface and LAN interface to the same IP/mask, effectively bridging the 2 interfaces.
This is how I understand it. I don't use routers in bridge mode; if my advice does not work, hopefully someone with some bridging or bridge-mode router experience can step in.
Thanks
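Added example, not posted by anyone in this thread: a PIX 8.0 configuration fragment that gives each server its own public address with one-to-one static NAT, opens only the published service per address, and binds the ACL to the outside interface (a step the thread does not show). The public addresses .162 to .166 are an assumed assignment inside 78.112.65.160/28, since the thread does not settle which address goes to which server; the ACL name outside-in is taken from the reply above.

```cisco
! Constructed example. Assumptions: outside interface is 78.112.65.161/28 and
! inside is 10.0.0.1/28 as described in the thread; public addresses
! .162-.166 are an assumed allocation, not confirmed by the posters.
!
! One-to-one static NAT: one public address per inside server.
static (inside,outside) 78.112.65.162 10.0.0.2 netmask 255.255.255.255
static (inside,outside) 78.112.65.163 10.0.0.3 netmask 255.255.255.255
static (inside,outside) 78.112.65.164 10.0.0.4 netmask 255.255.255.255
static (inside,outside) 78.112.65.165 10.0.0.5 netmask 255.255.255.255
static (inside,outside) 78.112.65.166 10.0.0.6 netmask 255.255.255.255
!
! A one-to-one static exposes every port of the inside host to the ACL,
! so permit only the service each server publishes.
! Web server
access-list outside-in extended permit tcp any host 78.112.65.162 eq www
! FTP server (control channel; FTP inspection handles the data channel)
access-list outside-in extended permit tcp any host 78.112.65.163 eq ftp
! Name servers: DNS over UDP and TCP
access-list outside-in extended permit udp any host 78.112.65.164 eq domain
access-list outside-in extended permit tcp any host 78.112.65.164 eq domain
access-list outside-in extended permit udp any host 78.112.65.165 eq domain
access-list outside-in extended permit tcp any host 78.112.65.165 eq domain
! Mail server
access-list outside-in extended permit tcp any host 78.112.65.166 eq smtp
!
! The ACL has no effect until it is bound inbound on the outside interface.
! Everything not matched above is dropped by the implicit deny.
access-group outside-in in interface outside
```

The PIX answers ARP on its outside interface for each translated address, so the extra public IPs need no second interface or routing device in front of it. `show xlate` lists the active translations and `show access-list outside-in` shows per-line hit counts for checking that only the intended services are reached.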