Multiple web servers behind PIX 501...?

Discussion in 'Cisco' started by andypatterson24, May 15, 2007.

  1. Hello All

    I have two web servers sitting behind a PIX 501. Currently, only one
    is accessible via port forwarding. I would like to make the other
    server accessible from the outside. What is the correct method?

    I am currently using PAT and am forwarding port 80 to a single
    internal address. I have other public IP addresses available for
    static translation.

    Example of what I'm looking to do:
    66.66.66.66 (port: 80/443) -> 192.168.1.50:80 (port 80/443)
    66.66.66.67 (port: 80/443) -> 192.168.1.51:80 (port 80/443)

    Any advice/examples would be appreciated.

    Thanks!
    Andy
     
    andypatterson24, May 15, 2007
    #1
    1. Advertising

  2. In article <>,
    andypatterson24 <> wrote:

    >I have two web servers sitting behind a PIX 501. Currently, only one
    >is accessible via port forwarding. I would like to make the other
    >server accessible from the outside. What is the correct method?


    >I am currently using PAT and am forwarding port 80 to a single
    >internal address. I have other public IP addresses available for
    >static translation.


    >Example of what I'm looking to do:
    >66.66.66.66 (port: 80/443) -> 192.168.1.50:80 (port 80/443)
    >66.66.66.67 (port: 80/443) -> 192.168.1.51:80 (port 80/443)


    >Any advice/examples would be appreciated.


    Sure, no problem.

    static (inside,outside) tcp PUBLICIP1 80 INTERNALIP1 80 netmask 255.255.255.255
    static (inside,outside) tcp PUBLICIP1 443 INTERNALIP1 443 netmask 255.255.255.255

    Repeat with the other PUBLICIP and INTERNALIP .

    For the access-list:

    access-list out2in permit tcp any PUBLICIP1 eq 80
    access-list out2in permit tcp any PUBLICIP1 eq 443

    access-group out2in in interface outside


    This changes, though, if you want to use the PIX public IP rather
    than an additional public IP:

    static (inside,outside) tcp interface 80 INTERNALIP 80 netmask 255.255.255.255
    static (inside,outside) tcp interface 443 INTERNALIP 443 netmask 255.255.255.255

    access-list out2in permit tcp any interface outside eq 80
    access-list out2in permit tcp any interface outside eq 443
     
    Walter Roberson, May 15, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Greg Gibson

    PIX 501 newbie aaa servers for pix

    Greg Gibson, May 6, 2004, in forum: Cisco
    Replies:
    3
    Views:
    587
    Adrian Grigorof
    May 9, 2004
  2. Corbin O'Reilly
    Replies:
    2
    Views:
    3,276
    Corbin O'Reilly
    May 26, 2004
  3. Andre
    Replies:
    7
    Views:
    805
    Andre
    Feb 20, 2005
  4. Replies:
    6
    Views:
    844
  5. Replies:
    1
    Views:
    1,039
    keshav
    Jun 25, 2006
Loading...

Share This Page