how i can forward some port to IP address (in pix 525)

hi
how i can forward some port to IP address
i wnat to forword port 80,110,25 to ip 172.16.110.2 (and i want to use static nat)
is the below command true

X.X.X.X = public ip
static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0
access-list OutsideIn permit tcp any host X.X.X.X eq www                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq smtp                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq pop3      

thanks                                                




nasemabdullaaAsked:
Who is Participating?
 
batry_boyConnect With a Mentor Commented:
Well, not exactly.

The first static in your above post:

static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0

would cause ALL ports to be forwarded from x.x.x.x to 172.16.110.2.  You stated in your initial question that you wanted to forward 3 ports (smtp, pop3, and www) to 172.16.110.2.  I thought you meant you wanted to use port redirection such that only those 3 ports would be forwarded to the internal host.  If what you meant is that you want to only ALLOW those 3 ports inbound, but translate ALL ports, then your first static is all you would need and you can get rid of the last 3 statics.  Does that make sense?

In other words, the following commands are pointless if the first static is also in there:

static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255

So, to do what you want you only need this one static:

static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0

or these 3 statics, but not both sets of commands:

static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255

Having said this, you will still need the access list statements as they are.  Please let me know if I need to clarify.
0
 
batry_boyConnect With a Mentor Commented:
Do this:

static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255

Your access list statements look fine.  Remember to apply the access list to the interface:

access-group OutsideIn in interface outside

Hope this helps...
0
 
nasemabdullaaAuthor Commented:
hi
thanks for your reply
you mean the command must be like this

static (inside,outside) X.X.X.X 172.16.110.2 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.x www 172.16.110.2 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x smtp 172.16.110.2 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.x pop3 172.16.110.2 pop3 netmask 255.255.255.255
access-list OutsideIn permit tcp any host X.X.X.X eq www                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq smtp                                                            
access-list OutsideIn permit tcp any host X.X.X.X eq pop3      
access-group OutsideIn in interface outside

is that true or not

thanks
0
 
nasemabdullaaAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.