I have a PIX sitting behind a DSL router with a public DHCP address. I would like to do the following:

1) If a www request comes in, send to host A (10.0.0.111)
2) If a PCanywhere request comes in, send to host A (10.0.0.111)
3) If an AH request comes in (authentication header - needed for my VPN tunnel establishment from behind the PIX), send to host B (10.0.0.5)

Here is how my PIX is set up now:

    static (inside,outside) tcp interface pcanywhere-data 10.0.0.111 www
    static (inside,outside) tcp interface pcanywhere-data 10.0.0.111 pcanywhere-data
    static (inside,outside) udp interface pcanywhere-status 10.0.0.111 pcanywhere-status

This covers 1 & 2 fine. However, I can't make number three work without creating a plain static to 10.0.0.5, because the VPN tunnel establishment does not use TCP or UDP; therefore, I can't do a port redirect. It uses AH.

It seems to me that if I did the following setup, it would work, because the PIX should evaluate statics sequentially. But it does not work; it sends all requests to 10.0.0.5, totally ignoring the port-redirected statics to 10.0.0.111.

    static (inside,outside) tcp interface pcanywhere-data 10.0.0.111 www
    static (inside,outside) tcp interface pcanywhere-data 10.0.0.111 pcanywhere-data
    static (inside,outside) udp interface pcanywhere-status 10.0.0.111 pcanywhere-status
    static (inside,outside) interface 10.0.0.5

Does anyone have an idea of how I could get this to work?

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63638&t=63638

