Mutliple IPs on a 515

static (inside,outside) 80.23.2.1 192.168.2.1 ...

Lutz, Thanks for the quick reponse. Can I ask you if I need to assign each outside address to the interface before using the static (inside,Outside). The sample you have given me is for the incoming traffic do I need to do the reverse for the outgoing traffic?

Thanks Again KevinT

Repeat the rule for each address translation.

It's for both directions.

Thanks for the response

Is it possible to add specfiy ports to the static command.

For instance, I need to convert all inside ip addresses on port 1433 going to the host X onto 1433! I need to convert FTP from HOST X to a inside host A on FTP! etc..

Thaks Again

I'm not clear on what you are asking there, but I believe the answer is NO. When you redirect a group of IPs, you have to redirect to a different *group* of IPs, e.g., the 12th IP in the original range would get redirected to the 12th possible IP in the new range.

That's one IP to one IP and one port to one port, so that could be done in certain situations. But not in the situation of "inside host tries to access public IP X and the PIX should redirect it back to internal address A instead".

For PIX 6, address translation only happens when packets pass -through- the PIX, from one interface to another. PIX 7.2(1) added the ability to do same-interface routing even when a VPN was not involved; I haven't examined it to find out how it fits in the address translation model.

Yes: RTFM.

access-list to-1433 permit tcp any host X eq 1433 nat (inside) 1433 access-list to-1433 global (outside) 1433 a.b.c.d

static (inside,outside) tcp o.ut.si.de ftp i.n.si.de ftp