[c-nsp] NAT/ACL options in a PIX

John Ramz sforcejr at yahoo.com
Tue Aug 26 22:21:26 EDT 2008


Version 6.3.5
PIX 515

We have been assigned 25 Public IP addresses by our ISP and I want to administer them in the most efficient way.

We get a lot of requests for external access to different hosts in our private network. For example:

Public trusted IP address requesting access: P.P.P.2
Public IP address assigned by ISP: Q.Q.Q.10
Internal host IP: 10.10.10.111
port 80 or 8080 (http://10.10.10.111/site:8080)

So far every time we get a request we do this:

static (inside,outside) Q.Q.Q.10 10.10.10.111 netmask 255.255.255.255 0 0
access-list ACL_NAME permit tcp host P.P.P.2 host Q.Q.Q.10 eq 8080

QUESTION
1- Is it possible to do what I believe is called PAT and reuse the same public IP address (Q.Q.Q.10) when I get a second request to access a DIFFERENT host (10.10.10.112) and redirect them to port 8081, for example? If possible, how?



Today I got a request to allow access to an internal host (10.10.10.110) that I have already mapped with this public IP: Q.Q.Q.9. The source IP address is P.P.P.3. These are the statements already in the PIX:

static (inside,outside) Q.Q.Q.9 10.10.10.110 netmask 255.255.255.255 0 0
access-list ACL_NAME permit tcp host P.P.P.1 host Q.Q.Q.9 eq 8080

I need to allow P.P.P.3 to access the same internal host (Q.Q.Q.9). I tried to assign a different public IP address (Q.Q.Q.11) but I got this message:

ERROR: duplicate of existing static

QUESTION
2- Is there any way to allow 2 IP addresses to access the same host on the same port (it could be different)?

I appreciate any help since I am a beginner on this subject.


Thanks

John
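Added example (not part of John's post or of any reply on the list): PIX 6.3 configuration for the two questions above. It reuses the interface names, ACL name and addresses from the post, assumes ACL_NAME is already bound to the outside interface with access-group, and assumes the second host 10.10.10.112 listens on 8080 like the first one. Lines beginning with ':' are comments.

```cisco
: --- Question 1: reuse Q.Q.Q.10 for a second internal host ---
: A one-to-one static claims every port of Q.Q.Q.10, so it has to go
: before per-port statics (port redirection) can use the same address.
no static (inside,outside) Q.Q.Q.10 10.10.10.111 netmask 255.255.255.255 0 0
: Each per-port static maps one public port to one inside host and port.
: The public and inside ports need not match: 8081 outside -> 8080 inside.
static (inside,outside) tcp Q.Q.Q.10 8080 10.10.10.111 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp Q.Q.Q.10 8081 10.10.10.112 8080 netmask 255.255.255.255 0 0
: The ACL is still written against the public address and port, one
: trusted source per line, so only the listed peer reaches each port.
: (P.P.P.2 stands in for whoever requested the second host.)
access-list ACL_NAME permit tcp host P.P.P.2 host Q.Q.Q.10 eq 8080
access-list ACL_NAME permit tcp host P.P.P.2 host Q.Q.Q.10 eq 8081

: --- Question 2: a second trusted source for an existing static ---
: Keep the single static for 10.10.10.110; a second static for the same
: inside host is what produces "ERROR: duplicate of existing static".
: Who may connect is decided by the ACL, so add one more entry instead.
access-list ACL_NAME permit tcp host P.P.P.3 host Q.Q.Q.9 eq 8080

: Translations built under the old static stay in the xlate table until
: cleared; clear them for the changed host and verify the result.
clear xlate local 10.10.10.111
show xlate
show access-list ACL_NAME
```

The point of separating the two pieces: the static only defines the translation, while the access-list decides which outside peers may use it. Adding a source therefore never needs a new public address, and keeping one ACL line per peer and port leaves an audit trail of exactly who was granted what.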
