[c-nsp] NAT/ACL options in a PIX
John Ramz
sforcejr at yahoo.com
Tue Aug 26 22:21:26 EDT 2008
Version 6.3.5
PIX 515
We have been assigned 25 Public IP addresses by our ISP and I want administer them in the most efficient way.
We get a lot of requests for external access to different hosts in our private network. For example:
Public trusted IP address requesting access: P.P.P.2
Public IP address assigned by ISP: Q.Q.Q.10
Internal host IP: 10.10.10.111
port 80 or 8080 (http://10.10.10.111/site:8080
So far every time we get a request we do this:
static (inside,outside) Q.Q.Q.10 10.10.10.111 netmask 255.255.255.255 0 0
access-list ACL_NAME permit tcp host P.P.P.2 host Q.Q.Q.10 eq 8080
QUESTION
1- Is it possible to do what I believe is called PAT and reuse the same public ip address(Q.Q.Q.10) when I get a second request to access a DIFFERENT host(10.10.10.112) and redirect them to port 8081 for example? If possible, how?
Today I got a request to allow access to an internal host(10.10.10.110) that I have already mapped with this public IP: Q.Q.Q.9 . The source ip address is: P.P.P.3 . These are the statements already in the PIX:
static (inside,outside) Q.Q.Q.9 10.10.10.110 netmask 255.255.255.255 0 0
access-list ACL_NAME permit tcp host P.P.P.1 host Q.Q.Q.9 eq 8080
I need to allow P.P.P.3 to access the same internal host (Q.Q.Q.9). I tried to assigned a different Public ip address(Q.Q.Q.11) but I got this message:
ERROR: duplicate of existing static
QUESTION
2- Is there anyway to allow 2 IP addresses to access the same host on the same port-it could be different-?
I appreciate any help since I am a beginner on this subject
Thanks
John
More information about the cisco-nsp
mailing list