PIX with three interfaces and one public IP

Discussion in 'Cisco' started by Christian Ditters, Nov 11, 2005.

  1. Hi, I have a problem with this scenario:

    pix515e, three interfaces: inside, outside, dmz
    only one public IP: pppoe
    I need (but do not have):
    - 2 static ports from outside to dmz (10.0.0.10; port 25, 80)
    - 1 static port from outside to inside (192.168.1.10; port 443)
    the 2 ports to dmz work fine; the 1 port to inside doesn't work :-(
    Any idea? Is it possible? Thanks in advance...

    Christian Ditters


    ;
    ; parts of the config:
    ;

    object-group service webserver tcp
    port-object eq www
    port-object eq https
    port-object eq smtp
    object-group service dmz2inside1 tcp
    port-object eq smtp
    object-group service dmz2inside2 udp
    port-object eq domain

    access-list ACLOUTSIDE permit tcp any interface outside object-group webserver
    access-list ACLDMZ permit tcp any host 192.168.1.10 object-group dmz2inside1
    access-list ACLDMZ permit udp any host 192.168.1.10 object-group dmz2inside2

    ip address outside pppoe setroute
    ip address inside 192.168.13.2 255.255.255.0
    ip address dmz 10.0.0.1 255.255.255.0

    global (outside) 10 interface
    global (dmz) 10 interface
    nat (inside) 10 0.0.0.0 0.0.0.0 0 0
    nat (dmz) 10 0.0.0.0 0.0.0.0 0 0

    static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255 0 0
    static (dmz,outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255 0 0
    static (dmz,outside) tcp interface www 10.0.0.10 www netmask 255.255.255.255 0 0
    static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0

    access-group ACLOUTSIDE in interface outside
    access-group ACLDMZ in interface dmz
     
    Christian Ditters, Nov 11, 2005
    #1

  2. :pix515e, three interfaces: inside, outside, dmz
    :only one public IP: pppoe
    :I need (but do not have):
    :- 2 static ports from outside to dmz (10.0.0.10; port 25, 80)
    :- 1 static port from outside to inside (192.168.1.10; port 443)
    :the 2 ports to dmz work fine; the 1 port to inside doesn't work :-(

    :ip address outside pppoe setroute
    :ip address inside 192.168.13.2 255.255.255.0
    :ip address dmz 10.0.0.1 255.255.255.0
    Your inside IP subnet is 192.168.13/24 but you are trying to contact 192.168.1/24.
     
    Walter Roberson, Nov 11, 2005
    #2
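
The check made in reply #2, generalized into a small script (an added example, not part of the thread): it compares the real address of every `static` line with the subnet configured on its real interface. The function names and the parsing are assumptions of this example, and networks reached through `route` statements are not considered.

```python
import ipaddress
import re

# Constructed sample: the "ip address" and "static" lines as posted in the thread.
SAMPLE_CONFIG = """\
ip address outside pppoe setroute
ip address inside 192.168.13.2 255.255.255.0
ip address dmz 10.0.0.1 255.255.255.0
static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255 0 0
static (dmz,outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255 0 0
static (dmz,outside) tcp interface www 10.0.0.10 www netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
"""

IP_RE = re.compile(r"^ip address (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
STATIC_RE = re.compile(r"^static \((\w+),\w+\) (.*)$")
ADDR_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")


def interface_networks(config):
    """Map interface name -> directly connected network."""
    nets = {}
    for line in config.splitlines():
        m = IP_RE.match(line.strip())
        if m:  # "pppoe setroute" carries no literal address and is skipped
            iface = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}")
            nets[m.group(1)] = iface.network
    return nets


def find_static_mismatches(config):
    """Return (real_interface, real_ip, connected_network) for every static
    whose real address lies outside the subnet of its real interface."""
    nets = interface_networks(config)
    problems = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m or m.group(1) not in nets:
            continue
        # The real address is the last dotted quad before the "netmask" keyword.
        addrs = ADDR_RE.findall(m.group(2).split(" netmask ")[0])
        if addrs and ipaddress.ip_address(addrs[-1]) not in nets[m.group(1)]:
            problems.append((m.group(1), addrs[-1], str(nets[m.group(1)])))
    return problems


if __name__ == "__main__":
    for real_if, real_ip, net in find_static_mismatches(SAMPLE_CONFIG):
        print(f"static real address {real_ip} is not in {real_if} subnet {net}")
```
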

  3. Hi Walter,
    sorry - that was a 'copy and paste'/'too many fingers on keyboard' error...
    the config at this point is correct:

    ip address inside 192.168.1.2 255.255.255.0

    but it doesn't work. Is there another reason?
    Thanks
    christian
     
    Christian Ditters, Nov 12, 2005
    #3
  4. Hi, there is a wrong line in the config extract...

    wrong: ip address inside 192.168.13.2 255.255.255.0
    right: ip address inside 192.168.1.2 255.255.255.0

    that's not the failure :-(
    Does anybody have another idea?
    thx christian
     
    Christian Ditters, Nov 12, 2005
    #4