PIX Port Forwarding Question

Posted on 2006-04-18
Last Modified: 2013-11-16
I have a Cisco PIX 515E and have a total of 4 static public IPs. I am currently using 3. I need to forward 11 ports (5500 to 5510) to 11 different IPs (not sequential and in different subnets).

I'm not exactly sure how to do this.

Here are the scenarios I imagine, but I'm really not sure if they are possible:

- Use my last public IP and set it up to NAT these 11 IPs and forward ports to the computers.

- Forward the ports on my IP that is being used for NAT to the net.

Really not sure how to do any of this.

Any help would be appreciated.

Question by:inf2300
    Accepted Solution

    First you will need to allow the traffic through an access-list

    access-list outin permit tcp any host Public_ip eq 5500
    access-list outin permit tcp any host Public_ip eq 5501
    access-list outin permit tcp any host Public_ip eq 5502
    access-list outin permit tcp any host Public_ip eq 5503

    Apply the access-list to an interface
    access-group outin in interface outside

    Statically map the outside ip to an inside ip for just the port you want
    static (inside,outside) tcp Public_ip 5500 Inside_IP#1 5500 netmask 255.255.255.255
    static (inside,outside) tcp Public_ip 5501 Inside_IP#2 5501 netmask 255.255.255.255
    static (inside,outside) tcp Public_ip 5502 Inside_IP#3 5502 netmask 255.255.255.255
    static (inside,outside) tcp Public_ip 5503 Inside_IP#4 5503 netmask 255.255.255.255

    Is this what you are trying to do?


    Author Comment

    Hi Daocs,

    That looks great!! Can I do this on my IP which is being used by all my clients to access the net? Basically the IP that is being used for NAT, or will this cause problems?

    Expert Comment

    Hey Inf2300,

    Sorry for the delay, my email wasn't coming through until today.

    Yes, you can use your NAT IP; just type 'interface' instead of the public IP, or if you do type the actual IP, the config will automatically put the word in for you.

    The only way you cannot use the NAT IP (or any for that matter) is if you already have a static statement using all the ports instead of just one.

    Let me know if you have any more questions.
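
An added example, not part of the thread or the posters' own configuration: a Python check that reads a planned PIX config in the form used in the accepted solution and reports permits with no matching static, statics with no matching permit, and port statics that collide with an all-ports static on the same public IP (the conflict described in the last comment). The addresses are constructed documentation values, and only the `host ... eq` ACL form and `(inside,outside)` statics are parsed.

```python
import re

# Constructed sample: documentation/private addresses stand in for the
# thread's Public_ip and Inside_IP#n placeholders.
SAMPLE = """\
access-list outin permit tcp any host 203.0.113.4 eq 5500
access-list outin permit tcp any host 203.0.113.4 eq 5501
access-list outin permit tcp any host 203.0.113.4 eq 5502
access-group outin in interface outside
static (inside,outside) tcp 203.0.113.4 5500 10.1.1.20 5500 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.4 5501 10.2.7.31 5501 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.4 5503 10.3.9.44 5503 netmask 255.255.255.255
static (inside,outside) 203.0.113.5 10.1.1.50 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 5504 10.4.2.12 5504 netmask 255.255.255.255
"""

# Only the command forms shown in the accepted solution are recognised.
ACL = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\d+)$")
PORT_STATIC = re.compile(r"^static \(inside,outside\) tcp (\S+) (\d+) (\S+) (\d+) netmask \S+")
FULL_STATIC = re.compile(r"^static \(inside,outside\) (\d\S*) (\S+) netmask \S+")
GROUP = re.compile(r"^access-group (\S+) in interface outside$")

def audit(config):
    """Return findings for a planned PIX config, as a list of strings."""
    permits, redirects, full, applied, findings = set(), {}, set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            permits.add((m[1], m[2], int(m[3])))
        elif m := PORT_STATIC.match(line):
            key = (m[1], int(m[2]))
            if key in redirects:
                findings.append(f"duplicate static: {key[0]}:{key[1]}")
            redirects[key] = m[3]
        elif m := FULL_STATIC.match(line):
            full.add(m[1])
        elif m := GROUP.match(line):
            applied.add(m[1])
    # An ACL only matters once access-group binds it to the outside interface.
    opened = {(ip, port) for name, ip, port in permits if name in applied}
    mapped = set(redirects)
    findings += [f"permit without static: {ip}:{p}" for ip, p in sorted(opened - mapped)]
    findings += [f"static without permit: {ip}:{p}" for ip, p in sorted(mapped - opened)]
    findings += [f"port static overlaps all-ports static: {ip}:{p}"
                 for ip, p in sorted(mapped) if ip in full]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A permit with no static is an inbound rule that opens more than is forwarded, so it is the finding to clear first when trimming the ACL.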
