Solved

Pix 506 port forwarding

Posted on 2007-11-14
2
337 Views
Last Modified: 2008-04-09
Hi,

At a customer site I have a sbs 2003 server, ip adress: 192.168.72.25
The IT company before us added the config to the Cisco Pix 503.
Port 25 and 3389 are forwarded to the SBS server.

Now I'm configuring a terminal server with ip adress: 192.168.72.26 with port 3390 opened for RDP traffic.

I've tried to enter the following config to the CISCO:

static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

When I do that i receive the following error:

 ERROR: duplicate of existing static

    from inside:sbs2003  outside:193.172.182.67 netmask 255.255.255.255
Usage:      [no] static [(real_ifc, mapped_ifc)]
            {<mapped_ip>|interface}
            {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]
      [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
            {<mapped_ip>|interface} <mapped_port>
            {<real_ip> <real_port> [netmask <mask>]} |
            {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]

Please help
0
Comment
Question by:jbatavier
2 Comments
 
LVL 15

Expert Comment

by:wingatesl
ID: 20279679
It looks like port 3390 is already opened to the SBS2003 Server. You will also need to correct your static.
You have this
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0
                                                                                       ^^^^This should be the real inside port for RDP (3389)
I would just use 3391, This static will forward it to 3389 on the server
static (inside,outside) tcp 1.1.1.1 3391 192.168.72.26 3389 netmask 255.255.255.255 0 0
0
 
LVL 12

Accepted Solution

by:
sarangk_14 earned 500 total points
ID: 20313998
I may be completely wrong here as I haven't worked on a PIX firewall for over a year, but wouldn't it be easy to just say :
no static (inside,outside) tcp 1.1.1.1 3390 193.172.182.67 3390 netmask 255.255.255.255 0 0

and then add the command
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

As I said before my knowledge may be outdated, but I hope this helps. Comments/Suggestions/Corrections are welcome.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2 routers, one cable modem 10 86
Access List 4 32
Cisco IP NAT Translation not working 9 26
RDP on 4321 Router 33 49
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now