Multiple web servers behind PIX 501...?

- A
- andypatterson24
  
  Contact options for registered users
posted
16 years ago

Tue, May 15, 2007 1:53 PM

Hello All

I have two web servers sitting behind a PIX 501. Currently, only one is accessible via port forwarding. I would like to make the other server accessible from the outside. What is the correct method?

I am currently using PAT and am forwarding port 80 to a single internal address. I have other public IP addresses available for static translation.

Example of what I'm looking to do:

66.66.66.66 (port: 80/443) -> 192.168.1.50:80 (port 80/443) 66.66.66.67 (port: 80/443) -> 192.168.1.51:80 (port 80/443)

Any advice/examples would be appreciated.

Thanks! Andy

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Tue, May 15, 2007 2:09 PM

Sure, no problem.

static (inside,outside) tcp PUBLICIP1 80 INTERNALIP1 80 netmask 255.255.255.255 static (inside,outside) tcp PUBLICIP1 443 INTERNALIP1 443 netmask 255.255.255.255

Repeat with the other PUBLICIP and INTERNALIP .

For the access-list:

access-list out2in permit tcp any PUBLICIP1 eq 80 access-list out2in permit tcp any PUBLICIP1 eq 443

access-group out2in in interface outside

This changes, though, if you want to use the PIX public IP rather than an additional public IP:

static (inside,outside) tcp interface 80 INTERNALIP 80 netmask 255.255.255.255 static (inside,outside) tcp interface 443 INTERNALIP 443 netmask 255.255.255.255

access-list out2in permit tcp any interface outside eq 80 access-list out2in permit tcp any interface outside eq 443

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.