How can I forward some ports to an IP address (in PIX 525)

Hi,
How can I forward some ports to an IP address?
I want to forward ports 80, 110, 25 to IP 172.16.110.2 (and I want to use static NAT).
Is the below command true?

X.X.X.X = public ip
static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0
access-list OutsideIn permit tcp any host X.X.X.X eq www                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq smtp                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq pop3      

thanks                                                




nasemabdullaa Asked:

batry_boy Commented:
Do this:

static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255

Your access list statements look fine.  Remember to apply the access list to the interface:

access-group OutsideIn in interface outside

Hope this helps...
0
nasemabdullaa (Author) Commented:
hi
thanks for your reply
you mean the command must be like this

static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255
access-list OutsideIn permit tcp any host X.X.X.X eq www                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq smtp                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq pop3      
access-group OutsideIn in interface outside

is that true or not

thanks
0
batry_boy Commented:
Well, not exactly.

The first static in your above post:

static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0

would cause ALL ports to be forwarded from x.x.x.x to 172.16.110.2.  You stated in your initial question that you wanted to forward 3 ports (smtp, pop3, and www) to 172.16.110.2.  I thought you meant you wanted to use port redirection such that only those 3 ports would be forwarded to the internal host.  If what you meant is that you want to only ALLOW those 3 ports inbound, but translate ALL ports, then your first static is all you would need and you can get rid of the last 3 statics.  Does that make sense?

In other words, the following commands are pointless if the first static is also in there:

static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255

So, to do what you want you only need this one static:

static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0

or these 3 statics, but not both sets of commands:

static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255

Having said this, you will still need the access list statements as they are.  Please let me know if I need to clarify.
0
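
Added example, not part of the thread or any poster's code: a small Python check that reads the command forms used above and reports which ports are both translated and permitted inbound, and where a one-to-one static overlaps port statics. The address 203.0.113.10 stands in for X.X.X.X, and the function name `audit` and the simplified parsing (only these command forms, access list effective only when applied with access-group) are assumptions of this example.

```python
import re

# Constructed sample: the thread's commands, with 203.0.113.10 standing in for X.X.X.X.
SAMPLE = """\
static (inside,outside) 203.0.113.10 172.16.110.2 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 www 172.16.110.2 www netmask 255.255.255.255
access-list OutsideIn permit tcp any host 203.0.113.10 eq www
access-list OutsideIn permit tcp any host 203.0.113.10 eq smtp
access-list OutsideIn permit tcp any host 203.0.113.10 eq pop3
access-group OutsideIn in interface outside
"""

# Only the command forms used in the thread are parsed (an assumption of this example).
PORT_STATIC = re.compile(r"static \(\w+,\w+\) (tcp|udp) (\S+) (\S+) \S+ \S+ netmask")
FULL_STATIC = re.compile(r"static \(\w+,\w+\) (\S+) \S+ netmask")
ACE = re.compile(r"access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface \S+")

def audit(config):
    """Return (reachable, warnings): reachable lists (proto, global_ip, port) that is translated and permitted."""
    full, ports, aces, applied = set(), set(), [], set()
    for line in (l.strip() for l in config.splitlines()):
        if m := PORT_STATIC.match(line):
            ports.add(m.groups())        # (proto, global_ip, global_port)
        elif m := FULL_STATIC.match(line):
            full.add(m.group(1))         # every port on this global IP is translated
        elif m := ACE.match(line):
            aces.append(m.groups())      # (acl, proto, global_ip, port)
        elif m := GROUP.match(line):
            applied.add(m.group(1))      # access list bound to an interface
    reachable, warnings = [], []
    for proto, ip, port in sorted(ports):
        if ip in full:
            warnings.append(f"port static {proto}/{port} on {ip} overlaps a one-to-one static")
    for ip in sorted(full):
        warnings.append(f"{ip}: all ports translated, the access list is the only filter")
    for acl in sorted({a[0] for a in aces} - applied):
        warnings.append(f"access-list {acl} is not applied with access-group")
    for acl, proto, ip, port in aces:
        if acl not in applied:
            continue
        if ip in full or (proto, ip, port) in ports:
            reachable.append((proto, ip, port))
        else:
            warnings.append(f"{acl} permits {proto}/{port} to {ip} but no static translates it")
    return reachable, warnings

if __name__ == "__main__":
    print(*sum(audit(SAMPLE), []), sep="\n")
```
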

nasemabdullaa (Author) Commented:
thanks
0