Adding a new outside IP address

[oldfriend]

Hi Folks,

I am sure that this is a rather simple question, but your help is greatly appreciated.

I have a webserver behind a PIX firewall. The ISP now needs to change my outside IP. Until the DNS entries have been updated properly, I need to tell the PIX to accept both (the old and the new) IP address and forward requests to the webserver.

What is the best way to do that?

Many thanks,

Klaus

 

[schwarrn]

If you go into the pix firewall manager and go into the translation rules and add the extra external IP to the list.

Now I am not real sure if you can have one translation rule for both IP's to the internal server but I'm sure you could setup two one to one translations where each external IP is directed to the internal server. Schwarrn
"There are things known and things unknown and in between them are the doors." - Jim Morrison

 

[oldfriend]

Thanks for the advise. Just to follow up. I found the following FAQ on cisco.com

Q. Can I map a single, inside address to more than one outside address?

A. The Cisco Secure PIX Firewall only allows a single one-to-one translation for a local (inside) host. If you have more than two interfaces on the Cisco Secure PIX Firewall, you can translate a local address to different addresses on each respective interface but only one translation per interface is allowed for each address. Likewise, you cannot do a static mapping of a single outside address to multiple local addresses.


Sounds like it is not possible? Would you agree?

Klaus

 

[gbiello]

You can have more than one IP address on a server. Set you web server up with multiple IP addresses, that way you can have 2 NAT translations on the PIX, one to each of your internal IP's.

sound good?
-gbiello

 

[oldfriend]

Thanks to all.

The problem is solved.

Klaus