Solved

PIX 501 Port Forwarding

Posted on 2004-10-15
5
342 Views
Last Modified: 2010-04-09
Hi Everyone :),

I am setting up an Oracle application server that will be publicily accessible, so i will need to port forward ports: 7777 & 7778 from a public ip to a private ip.

public ip 66.116.70.183
private ip 192.168.101.139

Please help :)

Thanks,
mostym
0
Comment
Question by:mostym
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324383
No problem. Depending on the version of PIX OS.
Assuming 6.x

you need two things. Static, and access-lists.
You did not mention TCP or UDP, so I'll show both:
Option 1 - full one-to-one NAT
   static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255
Option 2 - port forwarding only:
     static (inside,outside) tcp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) tcp 66.116.70.183 7778 192.168.101.139 7778
     static (inside,outside) udp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) udp 66.116.70.183 7778 192.168.101.139 7778

Access-list:
    access-list outside_in permit tcp any 66.116.70.183 range 7777 7778
    access-list outside_in permit udp any 66.116.70.183 range 7777 7778

    access-group outside_in in interface outside

Done


0
 

Author Comment

by:mostym
ID: 12324656
Here is what i added to my config file:

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group outside_in in interface outside

For some reason though, local users are not able to access the internet.  However, this configuration does work for public users, as i had a client connect to it.

Help :)
0
 

Author Comment

by:mostym
ID: 12324690
Sorry this is what i added........

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group appserver in interface outside
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324762
I suspect that you only have the one IP address and you need to use Option #1 port forwarding..
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12324765
Sorry, Option #2 port forwarding..
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco vWLC DHCP issues 36 60
using BGP Attributes 2 108
Current Mac OS X Network Profiles and Firewall 5 73
Swapping port on a  Cisco 5510 firewall 1 19
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question