Skip to main content

Multiple Outside IP on 501 PIX

More
19 years 5 months ago #8764 by JerryParker
Can anyone help me - I'm a PIX newbie, and am interested in help with the cfg of PIX501:
Outside:
24.113.x.x
24.112.x.y

Inside:
192.168.1.x

Routes from outside x.x to inside 192.168.1.200/250
and from outside x.y to inside 192.168.1.10/100

Different ports specify which internal machine. (Differnet "domains" inside firewall, each with mail, ftp, etc...)

Cannot access https://192.168.1.1/startup.html the page freezes "please wait while page loads..." - upgraded to new java, no luck.

Can access through console port, but it's pretty "expert freindly" for a newbie! Thanks in advance!
javascript:emoticon(':D')
Very Happy
Jerry
More
19 years 4 months ago #9025 by Saju
Replied by Saju on topic PIX issue
As I understand you have a PIX 501.

1. You need to create a static translation between the public address on the outside of the firewall and a private server address in the Inside. Am i right ?

Format is:
static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250

access-list 101 permit tcp any host 24.113.x.x eq 250


2. You were not able to access the PIX Device Manager (PDM ). Did you verify you have the follwing commands in the config..

http server enable
http 0 0 inside

I think PDM does not support Java above 1.42. Please verify the Java version. Cisco has a case open with Sun in regards to this.


Saj..
More
18 years 5 months ago #14982 by danherbon
when you state:

static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250


exactly what does the 250 mean in this statement?
More
18 years 5 months ago #14990 by drizzle
This doesn't explain what the "250" means in

static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250

but it does explain the original question in detail.

www.cisco.com/warp/public/707/28.html --> Cisco.
More
18 years 5 months ago #14992 by d_jabsd

when you state:

static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250


exactly what does the 250 mean in this statement?


250 is the port. You can use statics for a one to one NAT or for Port address translation.

if you only had one public IP but 3 internal servers that needed to be publically accessable, you can use the port to determine which internal server gets the traffic.
PAT Example: for a web server, mta, and a POP3 server you could do the following:

192.168.1.2 = www (80)
192.168.1.3 = mta (25)
192.168.1.4 = pop3 (110)

static (inside,outside) tcp 24.113.x.x 80 192.168.1.2 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 24.113.x.x 25 192.168.1.3 25 netmask 255.255.255.255 0 0
static (inside,outside) tcp 24.113.x.x 110 192.168.1.4 110 netmask 255.255.255.255 0 0

all other outgoing traffic would use the global nat.

One to One NAT Example:

static (inside,outside) 24.113.x.x 192.168.1.5 netmask 255.255.255.255 0 0

The last 2 items (0 0 in my example) are the 'max connections' and the 'embryonic limit'.

Max connections in the maximum number of connections you will allow at any given time.
Embryonic limit is the maximum number of connections you will allow at any given time that have not yet completed the handshake between the source and destination.
More
18 years 3 months ago #16238 by trarthur
What would you put in place of 24.113.x.x
if the outside interface is getting it's IP via DHCP (DSL, cable)?

I need to route Remote Desktop web connection traffic from the internet to a box inside my network.
Time to create page: 0.132 seconds