I have an old PIX 506 in a test area that I would like to configure to route certain traffic to 1 IP while leaving everything else as is...
Basically I want the following.... but am unsure how to do so...
Internet -> PIX [192.168.1.1] -> Web Server [ [192.168.1.10x]] [currently setup for all IPs on webserver]
Internet -> PIX [192.168.1.1] -> Proxy [10.0.0.1] -> Web Service [ [192.168.1.111]]
Hmmm, thought I covered this in a posting last week.
You probably cannot do -exactly- what you are asking in PIX 5 or PIX 6. That's because you cannot *route* selectively in PIX 5 or PIX 6 (except whatever you can manage with OSPF route-maps).
What you can do is static traffic to different locations. In PIX 5 through PIX 6.0, you can selectively static incoming traffic only according to the destination (higher security) IP.
Starting from PIX 6.1, you can also selectively static incoming traffic according to the destination protocol (TCP or UDP) and port together (individually specified -- no ranges or wildcard in that syntax.)
Starting from PIX 6.3, you can selectively static incoming traffic according to an ACL, which may specify protocol, source address, source port, destination address, destination port, icmp type .
access-list go4it permit tcp host 123.45.67.89 interface eq 3898 static (inside,outside) interface access-list go4it static (inside,outside) interface 10.0.0.1 netmask 255.255.255.255
because that plain static has higher priority than the other static, so the access-list will never be examined.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.