Cisco Configuration

Details
Category: PC Stuff
Hits: 3186
Cisco configuration from Experts-exchange using multiple external IPs
Accepted Answer from grblades
Date: 07/22/2004 10:38AM PDT
Grade: A
 Accepted Answer 


Yes it will work fine as that is what is is designed to do. Infact when you look at configuration examples from the Cisco website it is difficult finding an example which only uses a single external IP address :)

Here are a few links for you:-
PIX configuration examples - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
PIX configuration basics - http://www.netcraftsmen.net/welcher/papers/pix01.html
PIX ssh configuration - http://www.tech-recipes.com/modules.php?name=Recipes&rx_id=215
My Pages:-
PIX as multi user VPN server - http://www.gbnetwork.co.uk/networking/ciscopixvpnradius.html
PIX as a home DSL firewall - http://www.gbnetwork.co.uk/networking/ciscopixhomedsl.html
 
 
Comment from grblades
Date: 07/27/2004 12:38AM PDT
 Comment 


Here is a section of configuration for the PIX to setup the outside interface with webservers etc... behind it.
Your router is 1.1.1.41 and the PIX IP is 1.1.1.42. 1.1.1.43 is used to NAT all internal machines which don't have a static mapping.
1.1.1.44 onwards is used by the web and other servers. 1.1.1.44 redirects to the internal machine 192.168.1.44 etc...

ip address outside 1.1.1.42 255.255.255.240
route outside 0.0.0.0 0.0.0.0 1.1.1.41 1
global (outside) 1 1.1.1.43
nat (inside) 1 10.0.0.0 255.255.0.0 0 0
static (inside,outside) 1.1.1.44 192.168.1.44 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.45 192.168.1.45 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.46 192.168.1.46 netmask 255.255.255.255 0 0
static (inside,outside) 1.1.1.47 192.168.1.47 netmask 255.255.255.255 0 0
access-list outside_in permit any host 1.1.1.44 eq www
access-list outside_in permit any host 1.1.1.44 eq https
access-list outside_in permit any host 1.1.1.44 eq ftp
access-list outside_in permit any host 1.1.1.45 eq www
access-list outside_in permit any host 1.1.1.45 eq https
access-list outside_in permit any host 1.1.1.45 eq smtp
access-list outside_in permit any host 1.1.1.46 eq www
access-list outside_in permit any host 1.1.1.46 eq https
access-list outside_in permit any host 1.1.1.47 eq www
access-list outside_in permit any host 1.1.1.48 eq https
access-group outside_in in interface outside

Comment from carrzkiss
Date: 07/29/2004 06:50PM PDT
 Author Comment 

Hello [grblades];

  Can you please take a look at this problem please?
Maybe you may not what to tell me.


Thank You
Wayne