Two Public IP's

[daidem77]

I have to configure two public IP's to a SMTP and a webserver. Port address translation is configured to ports, 80, 443, 110, etc. This extra SMTP server is registred with its own dns name webmail.company.com and the webserver is registred with another public IP address for its dns with company.com. Do I need to configure two interfaces to accomplish this? I know this is possible if you configure another interface but can this be accomplished with NAT??? Please help.

 

[Supergrrover]

Are you moving these from and external hosting to internal?

You can change the DNS entries so that they both resolve to an IP on the PIX. Then just setup policy NAT and you are set.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[daidem77]

Okay I think I did not explain the situation correctly. This is the setup. I have the outside interface configured with a IP from my ISP 209.113.15.666. I port translation going on for our webserver, and a smtp server and some other services inside. Now for some reason there is a another dns name registred with webmail.company.com with another public address different from the outside interface public address. Now I have to direct that dns hits to the same smtp server which is accessed by the outside addresses port translation to ports 443, 110, etc. Can I just add a static statement and a access-list and it will point to the same mail server since the other ip addres is in the same ip block from the ISP. If I allow the outside interface to translate the address to a internal box even thought its not the outside interfaces address. Will this work. Sorry if my english is not too clear (its not my native language).

 

[boymarty24]

You cant configure the pix to have 2 public IPs pointed to the same internal ip, not supported. The pix handles static as a NAT statement so therefor you can only point one pub to one priv IP


I instead would configure another ip on your server NIC and point the new public IP to the new private IP.

 

[daidem77]

Can you have two public ip's pointed to two private ips with but only the outside interface is configured with a public IP??? Will the outside interface pass traffic that does not have its public IP address to the inside if there is a access rule and a static statement?

 

[boymarty24]

How many public ip numbers do you have? If you only have one ip then you are in trouble. If you have more then 1 then its no problem at all

 

[daidem77]

Oh.. I have lots (lol). That is the problem, they want me to waste them. So its possible if I write sosmething like this even though my outside ip address is 14.62.31.yy3

(config t)# static (inside, outside) 14.62.31.xx1 172.16.4.22
pixfirewall (config t)# access-list internet permit tcp any host 14.62.31.xx1 eq 80
pixfirewall (config t)# access-group internet in interface outside

Thanks... One to one nat?

 

[boymarty24]

Create another static

static (inside,outside) pubIP privIP

Where pubIP is the new public ip and privIP the second server NIC ip.

Add the needed accesslists and dont forget the finish with the access-group command.

 

[daidem77]

Thanks. I will give it a try.