Solved

PIX 501 Port Forwarding

Posted on 2004-10-15
5
339 Views
Last Modified: 2010-04-09
Hi Everyone :),

I am setting up an Oracle application server that will be publicily accessible, so i will need to port forward ports: 7777 & 7778 from a public ip to a private ip.

public ip 66.116.70.183
private ip 192.168.101.139

Please help :)

Thanks,
mostym
0
Comment
Question by:mostym
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324383
No problem. Depending on the version of PIX OS.
Assuming 6.x

you need two things. Static, and access-lists.
You did not mention TCP or UDP, so I'll show both:
Option 1 - full one-to-one NAT
   static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255
Option 2 - port forwarding only:
     static (inside,outside) tcp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) tcp 66.116.70.183 7778 192.168.101.139 7778
     static (inside,outside) udp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) udp 66.116.70.183 7778 192.168.101.139 7778

Access-list:
    access-list outside_in permit tcp any 66.116.70.183 range 7777 7778
    access-list outside_in permit udp any 66.116.70.183 range 7777 7778

    access-group outside_in in interface outside

Done


0
 

Author Comment

by:mostym
ID: 12324656
Here is what i added to my config file:

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group outside_in in interface outside

For some reason though, local users are not able to access the internet.  However, this configuration does work for public users, as i had a client connect to it.

Help :)
0
 

Author Comment

by:mostym
ID: 12324690
Sorry this is what i added........

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group appserver in interface outside
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324762
I suspect that you only have the one IP address and you need to use Option #1 port forwarding..
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12324765
Sorry, Option #2 port forwarding..
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now