Solved

Cisco Pix Port Forwarding

Posted on 2004-03-26
9
3,171 Views
Last Modified: 2007-11-27
Hello I am trying to do the following.  

Asume one static external IP on a pix.  and 3 internal ips

I am hoping for a configuration that will forward requests on that single ip to internal machines by port(done this on so many soho firewalls, im sure cisco must be able to do it!)

SO..

Someone comes in on port 25 they need to be directed to say 10.0.0.1
comes in on port 80 directed to 10.0.0.2
port 110 10.0.0.3

all the same single external IP forwarding to different IPs internally based upon port.

Thanks :)
0
Comment
Question by:Brent92663
  • 4
  • 3
  • 2
9 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 10688528
What version of the PIX IOS are you using?
0
 

Author Comment

by:Brent92663
ID: 10688554
the latest..
0
 
LVL 11

Assisted Solution

by:geoffryn
geoffryn earned 50 total points
ID: 10688592
0
 
LVL 1

Accepted Solution

by:
dcrysler earned 200 total points
ID: 10688655
the static command is supposed to accomplish this,

static [(<prenat_if_name>,<postnat_if_name>)] {tcp | udp} {<global_ip> | interface } <global_port> <local_ip> <local_port> [netmask <mask>] [<max_conns> [em_limit]] [norandomseq]

examples;

static (dmz, outside) tcp interface 23 172.16.1.2 23
static (dmz, outside) tcp interface 8080 172.16.1.3 80
static (dmz, outside) tcp interface 21 172.16.1.4 21

0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:Brent92663
ID: 10688786
So it has to be on a DMZ?  one of these servers is a domain controller..

Is it okay if its defined as being on the dmz?  will it affect LAN services?
0
 
LVL 1

Expert Comment

by:dcrysler
ID: 10688931
no, each interface can be given an alias name which makes the commands more readable.  A 2 interface firewall will typically have the names set to "inside" and "outside".  Many of the examples in my book also use a third interface called "dmz".

So I would try:

static (inside,outside) tcp interface 23 172.16.1.2 23 ....
0
 

Author Comment

by:Brent92663
ID: 10689211
Thanks guys! I will give it a whirl!
0
 

Author Comment

by:Brent92663
ID: 10689217
Also, which book is your book? If its considered spam to post it,, feel free to email me at brent.richardsREMOVETHIS@REMOVETHISissusa.com
0
 
LVL 1

Expert Comment

by:dcrysler
ID: 10689289
Not sure if its considered span so I'll try this...

Cisco Security Specialists Guide to PIX Firewalls.  It's worked out well for me, we just bought our first 2 501's a couple of months ago and it helped me do everything from the initial setup to vpn'ing between the two.

http://www.amazon.com/exec/obidos/tg/detail/-/1931836639/qid=1080322759/sr=1-1/ref=sr_1_1/103-6519157-6866262?v=glance&s=books

cheers
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

30 Experts available now in Live!

Get 1:1 Help Now