• Status: Solved

Cisco Pix Port Forwarding

Hello, I am trying to do the following.

Assume one static external IP on a PIX, and 3 internal IPs.

I am hoping for a configuration that will forward requests on that single IP to internal machines by port (done this on so many SOHO firewalls, I'm sure Cisco must be able to do it!)

So...

Someone comes in on port 25, they need to be directed to, say, 10.0.0.1
comes in on port 80, directed to 10.0.0.2
port 110, 10.0.0.3

All the same single external IP, forwarding to different IPs internally based upon port.

Thanks :)
Asked by: Brent92663
 
geoffryn Commented:
What version of the PIX IOS are you using?
 
Brent92663 (Author) Commented:
the latest..
 
geoffryn Commented:
 
dcrysler Commented:
The static command is supposed to accomplish this:

static [(<prenat_if_name>,<postnat_if_name>)] {tcp | udp} {<global_ip> | interface } <global_port> <local_ip> <local_port> [netmask <mask>] [<max_conns> [em_limit]] [norandomseq]

Examples:

static (dmz, outside) tcp interface 23 172.16.1.2 23
static (dmz, outside) tcp interface 8080 172.16.1.3 80
static (dmz, outside) tcp interface 21 172.16.1.4 21

 
Brent92663 (Author) Commented:
So it has to be on a DMZ? One of these servers is a domain controller.

Is it okay if it's defined as being on the DMZ? Will it affect LAN services?
 
dcrysler Commented:
No, each interface can be given an alias name, which makes the commands more readable. A 2-interface firewall will typically have the names set to "inside" and "outside". Many of the examples in my book also use a third interface called "dmz".

So I would try:

static (inside,outside) tcp interface 23 172.16.1.2 23 ....
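An added example, not part of the thread: a Python check that reads `static` port-redirection lines in the syntax dcrysler quotes, lists which internal host each external port reaches, and flags any external port assigned to two hosts. The sample config is constructed from the asker's ports and addresses, and the port-name table is an assumed subset.

```python
import re
from collections import defaultdict

# Port-redirection form of the PIX "static" command quoted in the thread:
# static (real_if,mapped_if) {tcp|udp} {global_ip|interface} gport local_ip lport
STATIC_RE = re.compile(
    r"^static\s+\(\s*[\w-]+\s*,\s*(?P<mapped_if>[\w-]+)\s*\)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<global>interface|[\d.]+)\s+(?P<gport>\S+)\s+(?P<local>[\d.]+)\s+(?P<lport>\S+)",
    re.IGNORECASE)
# Assumed subset of the port names a PIX config may show instead of numbers.
PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110, "ftp": 21, "telnet": 23}

def port(token):
    """Port token as an int; unknown names raise ValueError rather than being skipped."""
    return PORT_NAMES.get(token.lower()) or int(token)

def parse_statics(config):
    """Return one dict per port-redirection static found in the config text."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            rules.append({"mapped_if": m["mapped_if"].lower(), "proto": m["proto"].lower(),
                          "global": m["global"].lower(), "gport": port(m["gport"]),
                          "local": m["local"], "lport": port(m["lport"])})
    return rules

def conflicts(rules):
    """External (interface, proto, address, port) tuples claimed by more than one host."""
    seen = defaultdict(set)
    for r in rules:
        key = (r["mapped_if"], r["proto"], r["global"], r["gport"])
        seen[key].add((r["local"], r["lport"]))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample: the asker's three services plus one deliberate clash on port 80.
SAMPLE = """\
static (inside,outside) tcp interface 25 10.0.0.1 25
static (inside,outside) tcp interface 80 10.0.0.2 80
static (inside, outside) tcp interface 110 10.0.0.3 110
static (inside,outside) tcp interface www 10.0.0.3 8080
"""

if __name__ == "__main__":
    rules = parse_statics(SAMPLE)
    for r in rules:
        print(f'{r["proto"]}/{r["gport"]} on {r["mapped_if"]} -> {r["local"]}:{r["lport"]}')
    print("conflicts:", conflicts(rules))
```

Every line it lists is a service reachable from the outside interface, so the output doubles as an inventory of what the single external IP exposes.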
 
Brent92663 (Author) Commented:
Thanks guys! I will give it a whirl!
 
Brent92663 (Author) Commented:
Also, which book is your book? If it's considered spam to post it, feel free to email me at brent.richardsREMOVETHIS@REMOVETHISissusa.com
 
dcrysler Commented:
Not sure if it's considered spam, so I'll try this...

Cisco Security Specialists Guide to PIX Firewalls.  It's worked out well for me, we just bought our first 2 501's a couple of months ago and it helped me do everything from the initial setup to vpn'ing between the two.

http://www.amazon.com/exec/obidos/tg/detail/-/1931836639/qid=1080322759/sr=1-1/ref=sr_1_1/103-6519157-6866262?v=glance&s=books

cheers