| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
Guest
Posts: n/a
|
We recently purchased a PIX 501 with software version 6.3(3). Our ISP
has given us a /29 (x.x.x.16  where .169 is the gateway and .170through .174 are available to us. We'd like to run web servers whose public IPs are .170, .171, and .172 for now. We want to block all ports by default (except 80 and maybe a few others) and protect them as much as possible because two of the servers run IIS. Other newsgroup posts have noted that the PIX can't have "secondary" IP addresses assigned to its outside interface. But is there a way to accomplish what we want using NAT or PAT on the PIX? Or would we need a Cisco router (or Linux or BSD box) as our ingress point to be able to use several of our public IPs? |
|
|
|
|||
|
|
| |
|
Guest
Posts: n/a
|
> Other newsgroup posts have noted that the PIX can't have "secondary"
> IP addresses assigned to its outside interface. it's through in a sense but it doesn't block you to accomplish what you need. You can just apply one IP on the outside interface using ip address outside x.x.x.170 255.255.255.248 but you can use the remaining 171 to 174 to make static translations with your internal servers static (inside,outside) x.x.x.171 [internal ip] netmask 255.255.255.255 0 0 Then you can permit whatever traffic you want through acls - for example access-list acl_out permit tcp any host x.x.x.171 eq www So in a certain way , x.x.x.171 will become like a secondary on your outside "Jordan Peterson" <> wrote in message news: om... > We recently purchased a PIX 501 with software version 6.3(3). Our ISP > has given us a /29 (x.x.x.16 where .169 is the gateway and .170> through .174 are available to us. We'd like to run web servers whose > public IPs are .170, .171, and .172 for now. We want to block all > ports by default (except 80 and maybe a few others) and protect them > as much as possible because two of the servers run IIS. > > Other newsgroup posts have noted that the PIX can't have "secondary" > IP addresses assigned to its outside interface. But is there a way to > accomplish what we want using NAT or PAT on the PIX? Or would we need > a Cisco router (or Linux or BSD box) as our ingress point to be able > to use several of our public IPs? |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
|
|
