For the global command, use the INTERFACE argument on the command line; this
will allow outgoing NAT (PAT) connections to use the IP address of the
outside interface:
global (outside) 1 interface
-Shawn
> -----Original Message-----
> From: Eduardo Spremolla [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 25, 2001 1:53 AM
> To: [EMAIL PROTECTED]
> Subject: PIX config on one single public IP
>
>
>
> Hi, I'm traying to configura a PIX firewall with a single public IP.
>
> This is a 3 port firewall:
>
> ip address outside xx.xx.xx.162 255.255.255.252
> ip address inside 10.2.1.249 255.255.255.0
> ip address dmz 10.4.1.2 255.255.0.0
>
> global (outside) 1 xx.xx.xx.78-xx.xx.xx.78 netmask 255.255.255.0
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
>
> static (dmz,outside) 206.99.55.163 10.4.1.1 netmask
> 255.255.255.255 0 0
>
> conduit permit tcp host 206.99.55.163 eq smtp any
> conduit permit udp host 206.99.55.163 eq nameserver any
> conduit permit udp host 206.99.55.163 eq domain any
> conduit permit tcp host 206.99.55.163 eq pop3 any
> conduit permit tcp host 206.99.55.163 eq www any
>
>
> but when I enter the global, the PIX sed: "global overlaps
> with outside
> ip".
>
> How shuld I configure if the ISP just give me one valid IP??
>
> Thanks in advance.
>
>
> Eduardo Spremolla
> Unix consultant
> Montevideo, Uruguay
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
