Further to just getting my Pix working in the DMZ to manage all port forwarding I think I have encountered a problem that is looking unlikely the Pix is able to handle.
My Setup is as follows: -
Internet > (public ip address)Router(NAT enabled - ip 10.0.0.254) > DMZ / Pix (10.0.0.253) > Services (http 10.0.0.5 / https 10.0.0.1 & 10.0.0.17 / smtp 10.0.0.20).
I have 2 seperate internal web servers running https sites (webserver 1 = 10.0.0.1 webserver 2 = 10.0.0.17)
My goal is to port forward https traffic to both of these internal webservers. Can anyone confirm if this scenario is possible? Looking at the documentation so far it looks as if I can only forward traffic to one internal ip address and that URL forwarding is not an available feature on the Pix 501. Can anyone confirm this? It is not an available option to change the port number the SSL traffic uses on one of the servers. I need both servers to be accessible on Port 443.
Now I do have one spare public IP address available but I cannot see how I can utilise this for one of the web servers as they are both using internal ip addresses 10.0.0.0/8.
Any ideas? I know that ISA server is capable of URL forwarding and I may ditch my pix if I cannot get this to work
My Setup is as follows: -
Internet > (public ip address)Router(NAT enabled - ip 10.0.0.254) > DMZ / Pix (10.0.0.253) > Services (http 10.0.0.5 / https 10.0.0.1 & 10.0.0.17 / smtp 10.0.0.20).
I have 2 seperate internal web servers running https sites (webserver 1 = 10.0.0.1 webserver 2 = 10.0.0.17)
My goal is to port forward https traffic to both of these internal webservers. Can anyone confirm if this scenario is possible? Looking at the documentation so far it looks as if I can only forward traffic to one internal ip address and that URL forwarding is not an available feature on the Pix 501. Can anyone confirm this? It is not an available option to change the port number the SSL traffic uses on one of the servers. I need both servers to be accessible on Port 443.
Now I do have one spare public IP address available but I cannot see how I can utilise this for one of the web servers as they are both using internal ip addresses 10.0.0.0/8.
Any ideas? I know that ISA server is capable of URL forwarding and I may ditch my pix if I cannot get this to work