  • Status: Solved

PIX Port Forwarding Question

I have a Cisco PIX 515E and have a total of 4 static public IPs. I am currently using 3. I need to forward 11 ports (5500 to 5510) to 11 different IPs (not sequential and in different subnets).

I'm not exactly sure how to do this.

Here are the scenarios I imagine, but I'm really not sure if they are possible:

- Use my last public IP and set it up to NAT these 11 IPs and forward ports to the computers.

- Forward the ports on my IP that is being used for NAT to the net.

Really not sure how to do any of this.

Any help would be appreciated.

Thanks
0
Asked by: inf2300
 
daocs Commented:
First you will need to allow the traffic through an access-list:

access-list outin permit tcp any host Public_ip eq 5500
access-list outin permit tcp any host Public_ip eq 5501
access-list outin permit tcp any host Public_ip eq 5502
access-list outin permit tcp any host Public_ip eq 5503
etc..

Apply the access-list to an interface
access-group outin in interface outside

Statically map the outside ip to an inside ip for just the port you want
static (inside,outside) tcp Public_ip 5500 Inside_IP#1 5500 netmask 255.255.255.255
static (inside,outside) tcp Public_ip 5501 Inside_IP#2 5501 netmask 255.255.255.255
static (inside,outside) tcp Public_ip 5502 Inside_IP#3 5502 netmask 255.255.255.255
static (inside,outside) tcp Public_ip 5503 Inside_IP#4 5503 netmask 255.255.255.255
etc...

Is this what you are trying to do?

0
 
inf2300 (Author) Commented:
Hi Daocs,

That looks great!! Can I do this on my IP which is being used by all my clients to access the net, basically the IP that is being used for NAT, or will this cause problems?

Thanks
0
 
daocs Commented:
Hey Inf2300,

Sorry for the delay, my email wasn't coming through until today.

Yes, you can use your NAT IP. Just type 'interface' instead of the public IP, or if you do type the actual IP, the config will automatically put the word in for you.

The only way you cannot use the NAT IP (or any for that matter) is if you already have a static statement using all the ports instead of just one.

Let me know if you have any more questions.
0
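
Added example (not part of the thread and not Cisco code): a Python check that reads config lines in the syntax shown in the answers above and reports outside permits with no matching port static, port statics with no permit, and a one-to-one static on the same public IP, the conflict mentioned in the last reply. The addresses, the sample config and the name `audit` are constructed for illustration; the `interface` keyword form is not parsed.

```python
import re

# Constructed sample in the thread's syntax; all addresses are placeholders.
SAMPLE = """\
access-list outin permit tcp any host 203.0.113.10 eq 5500
access-list outin permit tcp any host 203.0.113.10 eq 5501
access-list outin permit tcp any host 203.0.113.10 eq 5502
access-group outin in interface outside
static (inside,outside) tcp 203.0.113.10 5500 10.1.1.20 5500 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 5501 10.2.7.45 5501 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 5503 10.3.0.9 5503 netmask 255.255.255.255
static (inside,outside) 203.0.113.10 10.9.9.9 netmask 255.255.255.255
"""

ACL = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\d+)$")
PAT = re.compile(r"^static \(inside,outside\) tcp (\S+) (\d+) (\S+) (\d+) netmask \S+$")
FULL = re.compile(r"^static \(inside,outside\) (\d\S*) (\S+) netmask \S+$")


def audit(config, acl_name="outin"):
    """Return a list of findings for one outside ACL and its port statics."""
    permits, pats, full, findings = set(), {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            if m.group(1) == acl_name:
                permits.add((m.group(2), int(m.group(3))))
        elif m := PAT.match(line):
            key = (m.group(1), int(m.group(2)))
            if key in pats:
                findings.append(f"duplicate static for {key[0]}:{key[1]}")
            pats[key] = m.group(3)
        elif m := FULL.match(line):
            full.add(m.group(1))
    # A permit with no static is an opening on the outside ACL that serves nothing.
    for ip, port in sorted(permits - set(pats)):
        findings.append(f"permit without static: {ip}:{port}")
    # A static with no permit is a forward the ACL will still drop.
    for ip, port in sorted(set(pats) - permits):
        findings.append(f"static without permit: {ip}:{port}")
    # A one-to-one static already uses every port on that public IP.
    for ip in sorted({ip for ip, _ in pats} & full):
        findings.append(f"one-to-one static also claims {ip}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```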
