2 Internet Address pool and 1 PIX Firewall

8873402

Technical User
Jan 24, 2004
8
US
Hi All,
We have 2 different T1s connected to 2 different Cisco routers.
One of them should serve internet address range of 216.68.40.x and the other is supposed to serve a range of 65.155.148.x
The PIX Configuration is
ip address outside 65.155.148.254 255.255.255.128
ip address dmz3 216.68.40.2 255.255.255.128
ip address inside 10.0.0.254 255.255.255.0
ip address dmz1 10.0.1.254 255.255.255.0
ip address dmz2 10.0.2.254 255.255.255.0
ip address dmz4 10.0.4.254 255.255.255.0
The default route for the PIX is defined through the 65 network, via the Ethernet interface of the router.
We have a Telnet server whose internal address is 10.0.0.13. Please suggest how I can reach 10.0.0.13 over the Internet using the 216.68.40.5 address as well as through 65.155.148.5 (by creating a virtual IP of 10.0.0.14).

I can access this server using 65.155.148.4 without any issues. However, whenever I try to connect to this server using 216.68.40.5 I get a "connection timed out" error.

Please advise
 
Are you using a command:

static (inside,outside) 216.68.40.5 10.0.0.13

And does the outside router have a static route to forward all traffic destined for 216.68.40.0 to the PIX outside interface?

example:

ip route 216.68.40.0 255.255.255.0 65.155.148.254
 
Hi bell1996,

I have the static command in place.
Here is what I have diagnosed:
If we start a telnet session from 66.165.147.23 to 216.68.40.5, the packet reaches the firewall and the destination IP is NATed to 10.0.0.13.
Source:- 66.165.147.23 Destination :- 216.68.40.5 -> 10.0.0.13
Now when the return packet originates, its source IP address is 10.0.0.13 and the destination is 66.165.147.23.
source:- 10.0.0.13 Destination:- 66.165.147.23

So the packet is passed to the default route, where the source is NATed to an address from the global pool of the outside interface, let's say 65.155.148.90. So once the packet leaves the firewall:
Source:- 65.155.148.90 Destination is 66.65.147.23,

When this packet reaches the router at the destination, it gets dropped because the destination address of the packet it sent (216.68.40.5) and the source address (65.155.148.90) of the return packet are different.

You see, I need some way where the source address 10.0.0.13 is translated to 216.68.40.5 and, without being NATed at the outside interface, travels on the Internet with a source IP of 216.68.40.5.

Please help

Thanks
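
The packet walk in the post above, modelled as an added example (not code from the thread or from Cisco). It follows the behaviour as the poster describes it, not verified PIX behaviour; the single pool addresses and the `keep_static` switch are assumptions made for illustration.

```python
import ipaddress

# Constructed model; addresses are taken from the thread.
STATICS = {"216.68.40.5": "10.0.0.13"}       # public -> real server
ROUTES = [                                   # (prefix, egress interface)
    ("216.68.40.0/25", "dmz3"),
    ("10.0.0.0/24", "inside"),
    ("0.0.0.0/0", "outside"),                # default route via the 65.x router
]
# Assumption: one address stands in for each interface's global pool.
GLOBAL_POOL = {"outside": "65.155.148.176", "dmz3": "216.68.40.76"}


def egress_interface(dst):
    """Longest-prefix match over ROUTES."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), i) for p, i in ROUTES]
    matches = [(n, i) for n, i in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def client_accepts(dialled, reply_src):
    """A TCP peer only matches a reply whose source is the address it dialled."""
    return reply_src == dialled


def trace(client, public_ip, keep_static=False):
    """Follow one connection attempt and report how the reply looks to the client."""
    server = STATICS.get(public_ip, public_ip)   # inbound destination NAT
    iface = egress_interface(client)             # return path chosen by route lookup
    if keep_static:
        # What the poster asks for: reply keeps the static's public address.
        reply_src = next(p for p, real in STATICS.items() if real == server)
    else:
        # What the post describes: source rewritten from the egress pool.
        reply_src = GLOBAL_POOL[iface]
    return {"server": server, "egress": iface, "reply_src": reply_src,
            "accepted": client_accepts(public_ip, reply_src)}


if __name__ == "__main__":
    print(trace("66.165.147.23", "216.68.40.5"))
    print(trace("66.165.147.23", "216.68.40.5", keep_static=True))
```
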
 
To get a better and clearer picture, could you post your config? Just leave out your passwords and access-lists if you're concerned about the security of your PIX config.

This way I can see what is in the config and pinpoint the issue. I think I know what is going on but it would help to have the config. I believe you may have one too many "static (inside,outside)" commands being used.


 
Hi bell1996,
I have to go to the office to post the config. It might be today or on Monday.

Thanks
 
Here's the config,

PIX Version 5.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet4 dmz3 security20

access-list acl_dmz3 permit icmp any any
access-list acl_dmz3 permit ip any any
access-list acl_dmz3 permit tcp any any

ip address outside 65.155.148.254 255.255.255.128
ip address inside 10.0.0.254 255.255.255.0
ip address dmz3 216.68.40.2 255.255.255.128

global (outside) 1 65.155.148.176-65.155.148.200
global (outside) 1 65.155.148.175
global (dmz3) 1 216.68.40.76-216.68.40.90
global (dmz3) 1 216.68.40.75

nat (inside) 1 10.0.0.0 255.255.255.0 0 0
nat (dmz3) 1 216.68.40.0 255.255.255.128 0 0

static (inside,dmz3) 216.68.40.5 10.0.0.13 netmask 255.255.255.255 0 0

outside 0.0.0.0 0.0.0.0 65.155.148.129 1 OTHER static
dmz3 216.68.40.0 255.255.255.128 216.68.40.2 1 CONNECT static
inside 10.0.0.0 255.255.255.0 10.0.0.254 1 CONNECT static


 
I now see what you want to do. You want to access the Telnet Server via a 216 & 65 IP address. You want to have 2 public IP addresses mapped to 1 private IP address. Hmmmm....I don't know if this can be done with the PIX. You probably could create 2 statics within the PIX, but will the PIX round robin or just use the first configured static? I'll have to do more research.
 