Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Multiple Public IP Addresses NAT PIX515E

Multiple Public IP Addresses NAT PIX515E 8 years 6 months ago #26397

  • ciscos
  • ciscos's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Dear Experts,

I'm stuck with a PIX515E configuration (IOS 8.03). I have a 8 static public IP addresses from my ISP and I'm trying to NAT them.

Public ips: 78.112.65.160/28 (WAN)
Private ips: 10.0.0.1/28 (LAN)

70.112.65.160 -> 10.0.0.2 (web server)
70.112.65.161 -> 10.0.0.3 (ftp server)
70.112.65.162 -> 10.0.0.4 (ns1 server)
70.112.65.163 -> 10.0.0.5 (ns2 server)
70.112.65.164 -> 10.0.0.6 (mail server)

My network look like this:

ROUTER (in bridge mode) -> PIX (8.03) -> SWITCH (2950)

78.112.65.160/28 -> 78.112.65.161 (outside) PIX 10.0.0.1 (inside) -> 2950 -> 10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5,10.0.0.6

Thank you
The administrator has disabled public write access.

Re: Multiple Public IP Addresses NAT PIX515E 8 years 6 months ago #26403

  • ikon
  • ikon's Avatar
  • Offline
  • Frequent Member
  • Posts: 48
  • Karma: 0
Hi

You Router address is 160 so you can use this address to NAT.

Your Pix is 161 so you will not be able to use this address either.

You need static nat entries and an ACL for there traffic flow.

May i suggest


static (inside,outside) tcp 78.112.65.162 www 10.0.0.2 www netmask 255.255.255.255

static (inside,outside) tcp 78.112.65.162 ftp 10.0.0.3 ftp netmask 255.255.255.255

static (inside,outside) udp 78.112.65.162 53 10.0.0.4 53 netmask 255.255.255.255

static (inside,outside) udp 78.112.65.163 53 10.0.0.5 53 netmask 255.255.255.255

static (inside,outside) tcp 78.112.65.162 smtp 10.0.0.6 smtp netmask 255.255.255.255

you will need acl's for each aswell example

access-list outside-in permit tcp any host 78.112.65.162 eq smtp


If you do want to make use of all your ip's then change the static NAT lines.


hope this helps
The administrator has disabled public write access.

Re: Multiple Public IP Addresses NAT PIX515E 8 years 6 months ago #26407

  • ciscos
  • ciscos's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
router is in a bridge mode which means it doesn't route ip addresses just establishes DLS connection .OK you can assign only one IP on outside interface(PIX) with public IP how about the rest of public IPs? How they can be used without router?

ROUTER (BRIDGE MODE) -> PIX -> LAN
Thanks
The administrator has disabled public write access.

Re: Multiple Public IP Addresses NAT PIX515E 8 years 6 months ago #26421

  • ikon
  • ikon's Avatar
  • Offline
  • Frequent Member
  • Posts: 48
  • Karma: 0
The bridge should forward all traffic to the pix in anycase, the bridge will only see layer 2 traffic and forward that traffic out of all its ports except the port it come from.

If you have the Static commands set and the correct ACL's in place on the pix, then the pix will respond to the traffic from the bridge, the pix will act as your router/nat device and determine what traffic goes where.

Its very much like router mode where you will set the routers WAN interface and LAN interface to the Same IP/Mask effectively Bridging the 2 interfaces.

This is how i understand it, i dont use routers in bridge mode, if my advise does not work, hopefully someone with some bridging or bridgemode router experience can step in.


Thanks
The administrator has disabled public write access.
Time to create page: 0.076 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup