- Posts: 1
- Thank you received: 0
Multiple Outside IP on 501 PIX
- mvgtcrash69
- Offline
- New Member
-
Less
More
18 years 2 months ago #17005
by mvgtcrash69
Replied by mvgtcrash69 on topic Multiple statics and one public IP???
Hi there, I've tried using multiple static entries with one public IP to allow incoming access to different dmz servers (e.g. ftp and http) and it works, but the servers cannot connect to the internet even though there is an access list allowing outbound access to anything. See the below and tell me if I am doing anything wrong why my servers can't access the Internet.
Static (dmz1,outside) tcp 200.100.100.76 80 192.168.250.50 80 netmask 255.255.255.255 0 0
Static (dmz1,outside) tcp 204.100.100.76 21 192.168.250.51 21 netmask 255.255.255.255 0 0
Access-list dmz1 permit tcp host 192.168.250.50 any
Access-list dmz1 permit udp host 192.168.250.50 any
Access-list dmz1 permit tcp host 192.168.250.51 any
Access-list dmz1 permit udp host 192.168.250.51 any
Access-list acl-out permit tcp any host 204.100.100.76 eq 80
Access-list acl-out permit tcp any host 204.188.100.76 eq 21
Static (dmz1,outside) tcp 200.100.100.76 80 192.168.250.50 80 netmask 255.255.255.255 0 0
Static (dmz1,outside) tcp 204.100.100.76 21 192.168.250.51 21 netmask 255.255.255.255 0 0
Access-list dmz1 permit tcp host 192.168.250.50 any
Access-list dmz1 permit udp host 192.168.250.50 any
Access-list dmz1 permit tcp host 192.168.250.51 any
Access-list dmz1 permit udp host 192.168.250.51 any
Access-list acl-out permit tcp any host 204.100.100.76 eq 80
Access-list acl-out permit tcp any host 204.188.100.76 eq 21
18 years 2 months ago #17006
by d_jabsd
you would replace '24.113.x.x' with 'interface'.
Replied by d_jabsd on topic Re: Multiple Outside IP on 501 PIX
What would you put in place of 24.113.x.x
if the outside interface is getting it's IP via DHCP (DSL, cable)?
I need to route Remote Desktop web connection traffic from the internet to a box inside my network.
you would replace '24.113.x.x' with 'interface'.
18 years 2 months ago #17007
by d_jabsd
You need to set up an outbound NAT for your DMZ servers to get standard internet access.
the ACLs and statics are only for inbound connections. They do not affect outbound (unless the outside acl is applied outbound)
Replied by d_jabsd on topic Re: Multiple statics and one public IP???
Hi there, I've tried using multiple static entries with one public IP to allow incoming access to different dmz servers (e.g. ftp and http) and it works, but the servers cannot connect to the internet even though there is an access list allowing outbound access to anything. See the below and tell me if I am doing anything wrong why my servers can't access the Internet.
Static (dmz1,outside) tcp 200.100.100.76 80 192.168.250.50 80 netmask 255.255.255.255 0 0
Static (dmz1,outside) tcp 204.100.100.76 21 192.168.250.51 21 netmask 255.255.255.255 0 0
Access-list dmz1 permit tcp host 192.168.250.50 any
Access-list dmz1 permit udp host 192.168.250.50 any
Access-list dmz1 permit tcp host 192.168.250.51 any
Access-list dmz1 permit udp host 192.168.250.51 any
Access-list acl-out permit tcp any host 204.100.100.76 eq 80
Access-list acl-out permit tcp any host 204.188.100.76 eq 21
You need to set up an outbound NAT for your DMZ servers to get standard internet access.
the ACLs and statics are only for inbound connections. They do not affect outbound (unless the outside acl is applied outbound)
Time to create page: 0.124 seconds