Re: 2 external subnets on a PIX
From: ChuckC (chitch_at_quickclic.net)
Date: 12/16/03
- Next message: cmatt77: "Re: need help with smoothwall"
- Previous message: Marcus Castro: "Re: Checkpoint to buy ZoneLabs"
- In reply to: Rob Collins: "2 external subnets on a PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Dec 2003 10:12:31 -0500
Since the new range of IPs are routed from your ISP to your PIX, I assume
you want to map the new external IPs to an internal/DMZ servers within your
network.
1. Created STATIC NAT (one-to-one mapping), let say the server is on the dmz
and your range is 1.1.1.1/29 and your DMZ server is 192.168.50.12
static (dmz, outside) 1.1.1.2 192.168.50.12 netmask 255.255.255.255
2. Created an access-list if you don't have one for the external interface
to allow the traffic to this DMZ server, let say the server is hosting a
shoutcast server on port 8000
access-list outside_in permit tcp any host 1.1.1.2 eq 8000
3. Bind the access-list outside_in to the outside interface
access-group outside_in in interface outside
The PIX should automatically ARP for the new IPs.
Chuck
"Rob Collins" <rob_collins@myrealbox.com> wrote in message
news:30a5691c.0312080654.2b6468a3@posting.google.com...
> Hi,
>
> I have a client who has used up all her allocated Public IP addresses,
> so the ISP has given her a new range. I want to add this range onto
> the external port of the PIX. I want to use both external ranges.
>
> How do I do this?
>
> Using Global,Static and NAT commands?
>
> Please help.
>
- Next message: cmatt77: "Re: need help with smoothwall"
- Previous message: Marcus Castro: "Re: Checkpoint to buy ZoneLabs"
- In reply to: Rob Collins: "2 external subnets on a PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
