Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX501 and MS ISA2000

Status
Not open for further replies.
AndMartSol

AndMartSol

Technical User
Nov 19, 2003
3
GB
Hi
First posting so please be gentle :)

We are currently using ISA2000 to protect our network, don't laugh, and we want to install a PIX501 between the ADSL router and the ISA server. We currently only have 2 public ip addresses, the router and the external NIC on ISA.
From the reading I have done it seems that I would need to put the public address from the ISA server onto the PIX outside and create a private network between PIX inside and ISA.

a.a.a.1---a.a.a.2 PIX 10.0.0.1---10.0.0.2 ISA 192.168.x.x

I think what I need to do is a one-to-one nat but not sure of how the static (inside,outside) command is used. Any links or help gratefully received.

thanks
Andrew
 
Sort by date Sort by votes
HI.

Yes, that way it should work.
You will need to use port forwarding because you have only a single IP address for both the pix outside interface and internal services (if you're going to publish them).

The following links will help you setting it up:

Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX


The ISA is probably an SBS2000 server used for other functions like Exchange, right?

Another option you can use is disabling ISA on the SBS server, and using only a single NIC on the server.
That way the pix inside interface will connect directly to the LAN switch.
There are advantages and disadvantages for each option versus the other.

Bye


Yizhar Hurwitz
 
Upvote 0 Downvote
Hi

Thanks for the link I will investigate and try and see what I was missing.

No it isn't SBS2000 but I have already configured ISA to publish the required servers which is working well so don't really want to change it.

thanks
Andrew
 
Upvote 0 Downvote
Hi

OK, have looked at the links and I am a bit confused.
Does static (inside,outside)interface 10.0.0.2 redirect all allowed traffic from PIX outside to 10.0.0.2?

Should I be using
static (inside,outside)tcp interface smtp 10.0.0.2 smtp netmask 255.255.255.255 0 0

to redirect SMTP and create a static for each port I want to redirect?

thanks
Andrew
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
264
Sameer258
Sameer258
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
228
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
187
Nitta84
Nitta84
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
77
ITSUPPORTIT
ITSUPPORTIT
texwiz
  • Locked
  • Question
need some help to properly set up, segregate and secure a network with an ASA 5505
Replies
2
Views
98
texwiz
texwiz

Part and Inventory Search

Sponsor

Back
Top