Solved

Cisco Pix Port Forwarding

Posted on 2004-03-26
9
3,184 Views
Last Modified: 2007-11-27
Hello I am trying to do the following.  

Asume one static external IP on a pix.  and 3 internal ips

I am hoping for a configuration that will forward requests on that single ip to internal machines by port(done this on so many soho firewalls, im sure cisco must be able to do it!)

SO..

Someone comes in on port 25 they need to be directed to say 10.0.0.1
comes in on port 80 directed to 10.0.0.2
port 110 10.0.0.3

all the same single external IP forwarding to different IPs internally based upon port.

Thanks :)
0
Comment
Question by:Brent92663
  • 4
  • 3
  • 2
9 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 10688528
What version of the PIX IOS are you using?
0
 

Author Comment

by:Brent92663
ID: 10688554
the latest..
0
 
LVL 11

Assisted Solution

by:geoffryn
geoffryn earned 50 total points
ID: 10688592
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 1

Accepted Solution

by:
dcrysler earned 200 total points
ID: 10688655
the static command is supposed to accomplish this,

static [(<prenat_if_name>,<postnat_if_name>)] {tcp | udp} {<global_ip> | interface } <global_port> <local_ip> <local_port> [netmask <mask>] [<max_conns> [em_limit]] [norandomseq]

examples;

static (dmz, outside) tcp interface 23 172.16.1.2 23
static (dmz, outside) tcp interface 8080 172.16.1.3 80
static (dmz, outside) tcp interface 21 172.16.1.4 21

0
 

Author Comment

by:Brent92663
ID: 10688786
So it has to be on a DMZ?  one of these servers is a domain controller..

Is it okay if its defined as being on the dmz?  will it affect LAN services?
0
 
LVL 1

Expert Comment

by:dcrysler
ID: 10688931
no, each interface can be given an alias name which makes the commands more readable.  A 2 interface firewall will typically have the names set to "inside" and "outside".  Many of the examples in my book also use a third interface called "dmz".

So I would try:

static (inside,outside) tcp interface 23 172.16.1.2 23 ....
0
 

Author Comment

by:Brent92663
ID: 10689211
Thanks guys! I will give it a whirl!
0
 

Author Comment

by:Brent92663
ID: 10689217
Also, which book is your book? If its considered spam to post it,, feel free to email me at brent.richardsREMOVETHIS@REMOVETHISissusa.com
0
 
LVL 1

Expert Comment

by:dcrysler
ID: 10689289
Not sure if its considered span so I'll try this...

Cisco Security Specialists Guide to PIX Firewalls.  It's worked out well for me, we just bought our first 2 501's a couple of months ago and it helped me do everything from the initial setup to vpn'ing between the two.

http://www.amazon.com/exec/obidos/tg/detail/-/1931836639/qid=1080322759/sr=1-1/ref=sr_1_1/103-6519157-6866262?v=glance&s=books

cheers
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question