
Cisco Pix Port Forwarding

Posted on 2004-03-26
Last Modified: 2007-11-27
Hello, I am trying to do the following.

Assume one static external IP on a PIX, and 3 internal IPs.

I am hoping for a configuration that will forward requests on that single IP to internal machines by port (done this on so many SOHO firewalls, I'm sure Cisco must be able to do it!)

SO..

Someone comes in on port 25, they need to be directed to, say, 10.0.0.1
comes in on port 80, directed to 10.0.0.2
port 110, 10.0.0.3

All the same single external IP, forwarding to different IPs internally based upon port.

Thanks :)
0
Question by:Brent92663
9 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 10688528
What version of the PIX IOS are you using?
0
 

Author Comment

by:Brent92663
ID: 10688554
the latest..
0
 
LVL 11

Assisted Solution

by:geoffryn
geoffryn earned 200 total points
ID: 10688592
0

 
LVL 1

Accepted Solution

by:dcrysler
dcrysler earned 800 total points
ID: 10688655
The static command is supposed to accomplish this:

static [(<prenat_if_name>,<postnat_if_name>)] {tcp | udp} {<global_ip> | interface} <global_port> <local_ip> <local_port> [netmask <mask>] [<max_conns> [em_limit]] [norandomseq]

Examples:

static (dmz,outside) tcp interface 23 172.16.1.2 23
static (dmz,outside) tcp interface 8080 172.16.1.3 80
static (dmz,outside) tcp interface 21 172.16.1.4 21

0
 

Author Comment

by:Brent92663
ID: 10688786
So it has to be on a DMZ?  One of these servers is a domain controller..

Is it okay if it's defined as being on the DMZ?  Will it affect LAN services?
0
 
LVL 1

Expert Comment

by:dcrysler
ID: 10688931
No, each interface can be given an alias name, which makes the commands more readable.  A 2-interface firewall will typically have the names set to "inside" and "outside".  Many of the examples in my book also use a third interface called "dmz".

So I would try:

static (inside,outside) tcp interface 23 172.16.1.2 23 ....
0
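
The port-redirection form of the static command shown in the answers above can be checked mechanically before it is pasted into a firewall. The script below is an added example, not part of the original thread: it parses such lines, then reports any outside port that is mapped to two internal hosts and any forward that exposes a cleartext service. The sample configuration, the port-literal table and the list of cleartext services are assumptions made for the example.

```python
import re
from collections import defaultdict

PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}  # subset of PIX literals
CLEARTEXT = {21: "ftp", 23: "telnet", 110: "pop3"}  # policy choice assumed for this example

STATIC_RE = re.compile(
    r"static\s+\(\s*([\w-]+)\s*,\s*([\w-]+)\s*\)\s+(tcp|udp)\s+"
    r"(interface|\d+(?:\.\d+){3})\s+(\w+)\s+(\d+(?:\.\d+){3})\s+(\w+)")

def to_port(token):
    """Resolve a numeric port or a known port literal to an int."""
    n = int(token) if token.isdigit() else PORT_NAMES.get(token.lower(), 0)
    if not 1 <= n <= 65535:
        raise ValueError(f"bad port: {token!r}")
    return n

def parse_forwards(config):
    """Extract port-redirection statics; every other line is ignored."""
    out = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            real_if, mapped_if, proto, gip, gport, lip, lport = m.groups()
            out.append(dict(real_if=real_if, mapped_if=mapped_if, proto=proto, global_ip=gip,
                            global_port=to_port(gport), local_ip=lip, local_port=to_port(lport)))
    return out

def audit(forwards):
    """Report global ports mapped twice and cleartext services that are forwarded."""
    findings, seen = [], defaultdict(list)
    for f in forwards:
        seen[(f["mapped_if"], f["proto"], f["global_ip"], f["global_port"])].append(f["local_ip"])
        if f["proto"] == "tcp" and f["local_port"] in CLEARTEXT:
            findings.append(f"cleartext {CLEARTEXT[f['local_port']]} exposed: "
                            f"{f['global_port']} -> {f['local_ip']}:{f['local_port']}")
    for (_, proto, gip, gport), hosts in seen.items():
        if len(hosts) > 1:
            findings.append(f"conflict: {proto}/{gport} on {gip} maps to {', '.join(hosts)}")
    return findings

# Constructed sample: the three forwards asked for, plus one conflicting line.
SAMPLE = """\
static (inside,outside) tcp interface smtp 10.0.0.1 smtp
static (inside,outside) tcp interface www 10.0.0.2 www
static (inside,outside) tcp interface 110 10.0.0.3 110
static (inside,outside) tcp interface 80 10.0.0.4 80
"""
print("\n".join(audit(parse_forwards(SAMPLE))))
```
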
 

Author Comment

by:Brent92663
ID: 10689211
Thanks guys! I will give it a whirl!
0
 

Author Comment

by:Brent92663
ID: 10689217
Also, which book is your book? If it's considered spam to post it, feel free to email me at brent.richardsREMOVETHIS@REMOVETHISissusa.com
0
 
LVL 1

Expert Comment

by:dcrysler
ID: 10689289
Not sure if it's considered spam so I'll try this...

Cisco Security Specialists Guide to PIX Firewalls.  It's worked out well for me, we just bought our first 2 501's a couple of months ago and it helped me do everything from the initial setup to vpn'ing between the two.

http://www.amazon.com/exec/obidos/tg/detail/-/1931836639/qid=1080322759/sr=1-1/ref=sr_1_1/103-6519157-6866262?v=glance&s=books

cheers
0
