Solved

Help with PAT on PIX

Posted on 2005-02-26
Last Modified: 2010-04-17
Here is my network schematic:
http://www.streetneeds.com/uploads/ot/net.jpg

I am doing double NAT. Here's the problem:

I have a few hosts BEHIND the firewall, that need to be accessed publicly.  Is this possible?
I'm assuming I will only have to enter PAT statements in my firewall?

Here is what needs to be done:

192.168.4.5 needs to have tcp 80 and 25 forwarded to it  (webserver and mail server)
192.168.2.11 needs to have tcp 22 forwarded to it    (ssh server)

Thanks
Question by:dissolved
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 13412593
You're going to have to do it twice...
Once at the router to the PIX outside IP
  ip nat inside source static tcp 192.168.1.2 25 <public ip> 25
  ip nat inside source static tcp 192.168.1.2 80 <public ip> 80
  ip nat inside source static tcp 192.168.1.2 22 <public ip> 22
  <etc>

On the PIX:

  static (inside,outside) tcp interface 25 192.168.4.5 25 netmask 255.255.255.255
  static (inside,outside) tcp interface 80 192.168.4.5 80 netmask 255.255.255.255
  static (inside,outside) tcp interface 22 192.168.2.11 22 netmask 255.255.255.255
Plus an access-list
  access-list outside_in permit tcp any interface outside eq 80
  access-list outside_in permit tcp any interface outside eq 25
  access-list outside_in permit tcp any interface outside eq 22
  access-group outside_in in interface outside
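
A defender-side check for the PIX half of the answer above, added here as an example (not lrmoore's code or Cisco tooling): it parses the `static` and `access-list` lines of a saved config and reports where the exposed ports differ from what was intended. The sample config, the `INTENDED` map, the function names and the extra tcp 23 entry are constructed for illustration, and only the line shapes shown in this thread are parsed.

```python
import re

# Constructed sample: the PIX lines from the answer, plus one extra ACL entry
# (tcp 23) added here so the audit has something to flag.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface 25 192.168.4.5 25 netmask 255.255.255.255
static (inside,outside) tcp interface 80 192.168.4.5 80 netmask 255.255.255.255
static (inside,outside) tcp interface 22 192.168.2.11 22 netmask 255.255.255.255
access-list outside_in permit tcp any interface outside eq 80
access-list outside_in permit tcp any interface outside eq 25
access-list outside_in permit tcp any interface outside eq 22
access-list outside_in permit tcp any interface outside eq 23
access-group outside_in in interface outside
"""

# The forwards requested in the question: public port -> (inside host, port).
INTENDED = {25: ("192.168.4.5", 25), 80: ("192.168.4.5", 80), 22: ("192.168.2.11", 22)}

# A saved config may show well-known ports by name instead of number.
PORT_NAMES = {"smtp": 25, "www": 80, "ssh": 22, "telnet": 23}

STATIC_RE = re.compile(r"^\s*static \(inside,outside\) tcp interface (\S+) (\S+) (\S+)", re.M)
ACL_RE = re.compile(r"^\s*access-list (\S+) permit tcp any interface outside eq (\S+)", re.M)
GROUP_RE = re.compile(r"^\s*access-group (\S+) in interface outside", re.M)

def to_port(token):
    """Return a port number for a numeric or named port token."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit_pix_forwards(config, intended):
    """Return sorted (port, finding) pairs where config and intent disagree."""
    statics = {to_port(p): (host, to_port(lp)) for p, host, lp in STATIC_RE.findall(config)}
    bound = set(GROUP_RE.findall(config))  # ACLs actually applied to outside
    permits = {to_port(p) for name, p in ACL_RE.findall(config) if name in bound}
    findings = []
    for p in sorted(set(statics) | permits | set(intended)):
        if p in statics and p not in intended:
            findings.append((p, "forward not in intended list"))
        elif p in intended and statics.get(p) != intended[p]:
            findings.append((p, "static missing or points at the wrong host"))
        if p in statics and p not in permits:
            findings.append((p, "static has no permit in an applied ACL"))
        if p in permits and p not in statics:
            findings.append((p, "ACL permits a port with no static"))
    return findings

if __name__ == "__main__":
    for p, finding in audit_pix_forwards(SAMPLE_CONFIG, INTENDED):
        print(f"tcp/{p}: {finding}")
```
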
 

Author Comment

by:dissolved
ID: 13412610
thanks!
 

Author Comment

by:dissolved
ID: 13412616
On the pix...
  static (inside,outside) tcp interface 25 192.168.4.5 25 netmask 255.255.255.255
  static (inside,outside) tcp interface 80 192.168.4.5 80 netmask 255.255.255.255
  static (inside,outside) tcp interface 22 192.168.2.11 22 netmask 255.255.255.255

Which one do I choose? inside or outside in the parentheses? Or do I write it just as you did?
Thanks
 
LVL 79

Expert Comment

by:lrmoore
ID: 13412619
You must enter it exactly as is, to include "(inside,outside)"
 

Author Comment

by:dissolved
ID: 13412636
thanks man
