Cisco Pix 515 port forwarding

Are you using the PDM interface?  If so, go to the TRANSLATIONS RULES lable, and ADD a new Rule.

There, you can select the source and the destination.

If this don´t help you, please give me the version of PIX and PDM, and try to draw better what exactly do you want to do.

Greetings.

It should be pretty simple to do a port forward using telnet;

Say your internal web server is 10.10.10.10 and you want to port forward the PIX outside interface address, all you do is this;

static (inside,outside) tcp interface www 10.10.10.10 www netmask 255.255.255.255

access-list Outside-In permit ip any interface outside eq www
access-group Outside-In in interface outside


That should be it.

Cheers,
Rajesh

Agree w/ Rajesh's example, if you only have the single public IP available, but be sure to run 'clear xlate'  _before_ adding/modifying any NAT/static NAT entries.

noerdar - You can also run CLI commands from within PDM: go to: Tools -> Command Line Interface... -> & either paste in a single-line command in the "command:" input box, or: click "Multiple Line Command" button, paste in multiple lines of commands, hit "Send" button.

cheers

Su but where does the specefic port in the line "static (inside,outside) tcp interface www 10.10.10.10 www netmask 255.255.255.255" come in.


My internal server har the ip 192.168.1.2 and outside is 80.124.240.60 for example nad i want to map port lets say port 5000 to the internal ip. The port number is not represented in "static (inside,outside) tcp interface www 10.10.10.10 www netmask 255.255.255.255".

The pix is actually a PIX 506 and not 515 sorry about that. And im using the PDM for the most, but i can use telnet if that is better.

Please follow up on my response

re: The port number is not represented in "static (inside,outside) tcp interface www 10.10.10.10 www netmask 255.255.255.255"."

it is represnted by www, as www=80

although the PDM or it's predecessor ASDM are helpful, it is usually best to ask EE questions reguarding CLI commands becasue EE is a text only forum.

ok, but then i still dont get it. How do i make the port forward on a request from the outside to an internal IP

ok but how does I represent port 5800 f.eks.

www is an alias to port 80

when making the config, you may use either www or http or 80 in the same spot in the comands, Cisco turns around and renames them www, or http depending on the IOS series and version.  

static (inside,outside) tcp interface www 10.10.10.10 www netmask 255.255.255.255
                                          |          |           |             |
                             use interface   port#    inside IP   port#
                    instead of IP so that
                    chaning IPs is easier

>ok but how does I represent port 5800 f.eks
   What protocol, TCP or UDP?  Or both?
Examples:
-----------
NOTE: always run "clear xlate" before adding/removing static NAT entries.

A) TCP only, using outside interface's IP:
  static (inside,outside) tcp interface 5800 10.10.10.10 5800

B) UDP only, using outside interface's IP:
  static (inside,outside) udp interface 5800 10.10.10.10 5800

C) Both TCP & UDP, using outside interface's IP:
  static (inside,outside) tcp interface 5800 10.10.10.10 5800
  static (inside,outside) udp interface 5800 10.10.10.10 5800

D) TCP only, using some other public IP:
  static (inside,outside) tcp 88.77.66.11 5800 10.10.10.10 5800

Like carl_legere mentioned, the PIX will display some commonly used ports by their service name when displaying the config, such as "www" for TCP port 80, & "smtp" instead of TCP port 25.

cheers

ok thx. I will try it and get back to you all on 04-07-2006 or in european 7/4-2006. Thanks for the help so far.

I any of you have som links to some good tutorial guides og help on configuring Cisco Pix models with telnet or PDM, then please write them here. All help is appreciated.

thx