I know it's possible with a PIX. My home 501 is doing all of these things for
my house and it obtains its outside IP address via DHCP.
Simply configure the outside interface with your single IP,
Configure the VPN services to allow clients or LAN-LAN connectivity as normal,
Use static commands that translate individual ports such as...
static (inside,outside) tcp interface 3389 192.168.1.100 3389 netmask
255.255.255.255 0 0
static (inside,outside) tcp interface 8080 192.168.1.44 8080 netmask
255.255.255.255 0 0
My VPN client connects just fine and the above statics permit T/S and web
access when I don't have the client. Notice how port 3389 goes to one inside
address and 8080 does to another?
On the 501 I don't have a DMZ interface, but that would make little difference
to the config. The statics and access lists could simply point to the dmz
interface instead of inside as I've shown here.
Cool?
________________________________
From: Kelvin Tarver [mailto:ktarver@fitnc.com]
Sent: Thu 2/17/2005 3:35 AM
To: firewalls@securityfocus.com
Subject: Single public ip address
Is there a way to have a single ip address do the following:
1)Function as the outside interface of a firewall.
2)Use that same public ip address, and outside interface to function as a vpn
server.
3) Have the same public ip address PAT to a public web Server on the dmz.
The goal is to have the outside interface of a firewall, vpn server, and a
public webserver to share the one public ip address.
Is this possible? I'm convienced it isn't possible, but I might be missing
something. Any insight on this issue would be greatly appreciated.
Thanks.
