How to configure inbound connections to multiple servers using only a single global address- Cisco Pix.
Configure static Port Address Translation (PAT) on the PIX.
Starting with PIX Software version 6.0, the PIX can be configured to translate ports destined to a single global IP address to multiple internal servers.
One place this would be useful is if you only have a single IP address available from your ISP, but your web server is on a different box than your mail server. You can use port redirection (static PAT) to accomplish this.
Example
Address available from ISP: 209.165.201.5
Mail Server IP Address: 10.10.10.5
Web Server IP Address: 10.10.10.6
PIX commands are shown below.
static (inside,outside) tcp 209.165.201.5 25 10.10.10.5 25 netmask 255.255.255.255
static (inside,outside) tcp 209.165.201.5 80 10.10.10.6 80 netmask 255.255.255.255
!--- Now that the port redirection is defined, we need
!--- to allow inbound access via an access list.
access-list inbound permit tcp any host 209.165.201.5 eq 25
access-list inbound permit tcp any host 209.165.201.5 eq 80
access-group inbound in interface outside
!--- Finally, if those two servers also need to initiate
!--- connections outbound, then we need to do PAT on
!--- them to the static address.
nat (inside) 1 10.10.10.5 255.255.255.255
nat (inside) 1 10.10.10.6 255.255.255.255
global (outside) 1 209.165.201.5
you can also grab the RSS feed or Subscribe to Techgurulive by Email
Not Getting
To access a private web server from outside public network, we require live ips, the following diagram shows how to setup the network for accessing the web server. The above...
Show xlate command Display active translations by global IP address or local IP address using the network mask to qualify the IP addresses. quik# show xlate 217 in use, 708...
