TOPIC: Multiple Outside IP on 501 PIX

Multiple Outside IP on 501 PIX 11 years 5 months ago #8764

Can anyone help me - I'm a PIX newbie, and am interested in help with the cfg of PIX501:
Outside:
24.113.x.x
24.112.x.y

Inside:
192.168.1.x

Routes from outside x.x to inside 192.168.1.200/250
and from outside x.y to inside 192.168.1.10/100

Different ports specify which internal machine. (Different "domains" inside firewall, each with mail, ftp, etc...)

Cannot access https://192.168.1.1/startup.html the page freezes "please wait while page loads..." - upgraded to new java, no luck.

Can access through console port, but it's pretty "expert friendly" for a newbie! Thanks in advance!
Jerry
The administrator has disabled public write access.

PIX issue 11 years 5 months ago #9025

  • Saju
As I understand you have a PIX 501.

1. You need to create a static translation between the public address on the outside of the firewall and a private server address on the inside. Am I right?

Format is:
static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250

access-list 101 permit tcp any host 24.113.x.x eq 250


2. You were not able to access the PIX Device Manager (PDM). Did you verify you have the following commands in the config?

http server enable
http 0 0 inside

I think PDM does not support Java above 1.42. Please verify the Java version. Cisco has a case open with Sun in regards to this.


Saj..

Re: Multiple Outside IP on 501 PIX 10 years 6 months ago #14982

  • danherbon
when you state:

static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250


exactly what does the 250 mean in this statement?

Re: Multiple Outside IP on 501 PIX 10 years 6 months ago #14990

  • drizzle
This doesn't explain what the "250" means in
static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250
but it does explain the original question in detail.

http://www.cisco.com/warp/public/707/28.html --> Cisco.

Re: Multiple Outside IP on 501 PIX 10 years 6 months ago #14992

  • d_jabsd
when you state:

static (inside,outside) tcp 24.113.x.x 250 192.168.1.200 250


exactly what does the 250 mean in this statement?

250 is the port. You can use statics for a one to one NAT or for Port address translation.

If you only had one public IP but 3 internal servers that needed to be publicly accessible, you can use the port to determine which internal server gets the traffic.
PAT Example: for a web server, mta, and a POP3 server you could do the following:

192.168.1.2 = www (80)
192.168.1.3 = mta (25)
192.168.1.4 = pop3 (110)

static (inside,outside) tcp 24.113.x.x 80 192.168.1.2 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 24.113.x.x 25 192.168.1.3 25 netmask 255.255.255.255 0 0
static (inside,outside) tcp 24.113.x.x 110 192.168.1.4 110 netmask 255.255.255.255 0 0

all other outgoing traffic would use the global nat.

One to One NAT Example:

static (inside,outside) 24.113.x.x 192.168.1.5 netmask 255.255.255.255 0 0

The last 2 items (0 0 in my example) are the 'max connections' and the 'embryonic limit'.

Max connections is the maximum number of connections you will allow at any given time.
Embryonic limit is the maximum number of connections you will allow at any given time that have not yet completed the handshake between the source and destination.
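An added example, not part of any post in this thread: a small Python check that parses `static` lines in the two forms d_jabsd shows (port redirection and one-to-one NAT), reads the trailing max-connections and embryonic-limit fields, and reports redirects with no permit in the `access-list` form Saju posted, plus entries whose embryonic limit is 0 (no limit on half-open connections). The function names and the sample config are assumptions made for the example; it does not check whether the access-list is bound to an interface.

```python
import re

# The two `static` forms quoted in the thread (port redirect, one-to-one NAT),
# each optionally followed by: netmask <mask> <max_conns> <emb_limit>
STATIC_RE = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+"
    r"(?:(tcp|udp)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)|(\S+)\s+(\S+))"
    r"(?:\s+netmask\s+(\S+))?(?:\s+(\d+))?(?:\s+(\d+))?\s*$")
# Only the ACL form used in the thread: permit <proto> any host <ip> eq <port>
ACL_RE = re.compile(r"^access-list\s+\S+\s+permit\s+(tcp|udp)\s+any\s+host\s+(\S+)\s+eq\s+(\d+)\s*$")

def parse_static(line):
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    proto, g_ip, g_port, l_ip, l_port, nat_g, nat_l, _mask, max_c, emb = m.groups()[2:]
    return {
        "kind": "port-redirect" if proto else "one-to-one",
        "proto": proto,
        "global": (g_ip or nat_g, int(g_port) if g_port else None),
        "local": (l_ip or nat_l, int(l_port) if l_port else None),
        "max_conns": int(max_c or 0),   # omitted or 0 means no limit
        "emb_limit": int(emb or 0),     # omitted or 0 means no limit
    }

def audit(config_text):
    statics, permits, findings = [], set(), []
    for line in config_text.splitlines():
        s, a = parse_static(line), ACL_RE.match(line.strip())
        if s:
            statics.append(s)
        if a:
            permits.add((a.group(1), a.group(2), int(a.group(3))))
    for s in statics:
        g_ip, g_port = s["global"]
        if s["kind"] == "port-redirect" and (s["proto"], g_ip, g_port) not in permits:
            findings.append(f"{g_ip}:{g_port} static has no matching permit")
        if s["emb_limit"] == 0:
            findings.append(f"{g_ip} -> {s['local'][0]}: embryonic limit is unlimited")
    return statics, findings

# Constructed sample config (documentation addresses, not from the thread)
SAMPLE = """\
static (inside,outside) tcp 203.0.113.10 80 192.168.1.2 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 25 192.168.1.3 25 netmask 255.255.255.255 100 20
static (inside,outside) 203.0.113.11 192.168.1.5 netmask 255.255.255.255 0 0
access-list 101 permit tcp any host 203.0.113.10 eq 80
"""
```

Calling `audit(SAMPLE)` returns the parsed statics and a list of findings; paste the `static` and `access-list` lines from a saved config in place of `SAMPLE` to check a real one.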

Re: Multiple Outside IP on 501 PIX 10 years 3 months ago #16238

  • trarthur
What would you put in place of 24.113.x.x
if the outside interface is getting its IP via DHCP (DSL, cable)?

I need to route Remote Desktop web connection traffic from the internet to a box inside my network.