What you normally do in this situation is to use static's. Lets assume the following: Inside server address 10.10.10.10 Outside server address 20.20.20.20 Ports needed 80,443,25
You place the server on the inside network, then use the following commands: Static (inside,outside) 20.20.20.20 10.10.10.10 netmask 255.255.255.255 This tells the FW to take any request for address 20.20.20.20 and send them to 10.10.10.10 Next assuming ACL's on the PIX you would do this: ( and assuming the ACL that is applied to the external interface is outside_acl ) Access-list outside_acl permit tcp any host 20.20.20.20 eq 80 Access-list outside_acl permit tcp any host 20.20.20.20 eq 443 Access-list outside_acl permit tcp any host 20.20.20.20 eq 25 Notice that you permit traffic to the external address. That's the "normal" way to do it and protect the server when 2 interfaces are all that are available. Thanks Larry -----Original Message----- From: Zahid Hassan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 3:36 PM To: [EMAIL PROTECTED] Subject: PIX Question [7:51095] Hi All, I have got a PIX firewall with two interfaces, the outside interface has a public IP address and inside a private IP address. I will need to connect a server with a public IP address. I know that the PIX firewall can be configured not to NAT a specific IP address. Can I connect a server with a public IP address on the inside interface of the PIX ? If yes, what will be the default gateway, the inside or the outside interface of the PIX ? Thanks in advance. Zahid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51100&t=51095 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
