Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

More outside IP's on PIX 501 ???

Status
Not open for further replies.
Honning

Honning

Technical User
Nov 13, 2002
3
DK
I'm trying to get at Cisco PIX 501 up and running with several IP-addresses on the outside interface. But so far I have only managed to have 1 ip. Is it possible? Can anyone help me?

Maybe the problem lies with me, since it's the first time I ever tried to configure a Cisco PIX.

Best regards
Honning
 
Sort by date Sort by votes
Hi harryhair5.

I'm not sure what you call a config. However, I'll try to describe how I thought it could be.

The network:
3 servers, all connected to the PIX build in hub.
1 Cisco PIX 501
1 Cisco 677 adsl router.

The 677 is assigned with one global outside IP and two global inside IP's on each their network.

I need to establish a VPN connection to a W2K Server and theirfor I need to open for the GRE protocol - which is not possible with the PIX. So I got myself some more IP-adresses from my ISP. Now I should be able to for instans recieve VPN to the W2K-server on one IP and have a mailserver plus a webserver on the other IP, right?

So, there is a lot of addresses.

Let me try to illustrate...

10.0.0.1
Cisco 677
10.0.1.1 / 10.0.2.1
|
10.0.1.2 / 10.0.2.2
Cisco PIX
10.0.3.1
|
+----------+----------+
| | |
10.0.3.2 10.0.3.3 10.0.3.4
W2K-server webserver mailserver

10.0.1.0 network is on subnet 255.255.255.252
10.0.2.0 network is on subnet 255.255.255.248
10.0.3.0 network is on subnet 255.255.255.0

The PIX shout then NAT
port 80 from 10.0.1.2 to 10.0.3.3
port 25 from 10.0.1.2 to 10.0.3.4
all from 10.0.2.2 to 10.0.3.2 (to include GRE)

I hope I provided you with all information

:) Henrik
 
Upvote 0 Downvote
He means type in "write terminal" and copy and paste the text into a message and send it here so it is easier to help you !

 
Upvote 0 Downvote
HI.

You should disable NAT on the router and use registered ip addresses on the network between the pix outside interface and the router internal interface.
The pix should be the only device that performs NAT.

The pix 501 can handle many registered ip addresses.
Simply make sure that those ip addresses are in the same subnet of the router inside interface or that there is a static route entry at the router to forward those addresses to the pix.
At the pix you use the "static" command to map those addresses to internal servers.
This article can help you:

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Hi all.

Thank you for your help, but the problem lies with the ADSL-router. Now I learned that a Cisco 677 can have more than one IP-address, but it can't handle it.

The PIX was working all the time. Now I moved all trafik to the same network.

:eek:) Honning.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
720
Sameer258
Sameer258
Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
117
Garbear
Garbear
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
110
xwray
xwray
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
167
PauS0n
PauS0n
mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
172
mcisar
mcisar

Part and Inventory Search

Sponsor

Back
Top