Problem solve Get help with specific problems with your technologies, process and projects.

Does a firewall need two static IPs for port forwarding?

See if it takes two static IPs to accomplish port forwarding in a Cisco firewall, in this expert response from network security expert Puneet Mehta.

I am using a Cisco PIX Version 6.3(5) firewall and I have only one static IP. My supporters tell me that it takes two static IPs to do port forwarding in a firewall. Is it true that I require two static IPs? Please explain, if this is so.

Port forwarding is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router.

Routers are configured with two interfaces: One is your WAN interface that connects to the Internet and is configured with a Public IP address (xxx.xxx.xxx.xxx) provided by your ISP. The second is an internal (LAN) network interface which is configured with your local internal (LAN) static IP address (192.xxx.xxx.xxx).

This was last published in October 2007

Dig Deeper on Network Security Best Practices and Products