Solved

Pix 506 port forwarding

Posted on 2007-11-14
2
340 Views
Last Modified: 2008-04-09
Hi,

At a customer site I have a sbs 2003 server, ip adress: 192.168.72.25
The IT company before us added the config to the Cisco Pix 503.
Port 25 and 3389 are forwarded to the SBS server.

Now I'm configuring a terminal server with ip adress: 192.168.72.26 with port 3390 opened for RDP traffic.

I've tried to enter the following config to the CISCO:

static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

When I do that i receive the following error:

 ERROR: duplicate of existing static

    from inside:sbs2003  outside:193.172.182.67 netmask 255.255.255.255
Usage:      [no] static [(real_ifc, mapped_ifc)]
            {<mapped_ip>|interface}
            {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]
      [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
            {<mapped_ip>|interface} <mapped_port>
            {<real_ip> <real_port> [netmask <mask>]} |
            {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]

Please help
0
Comment
Question by:jbatavier
2 Comments
 
LVL 15

Expert Comment

by:wingatesl
ID: 20279679
It looks like port 3390 is already opened to the SBS2003 Server. You will also need to correct your static.
You have this
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0
                                                                                       ^^^^This should be the real inside port for RDP (3389)
I would just use 3391, This static will forward it to 3389 on the server
static (inside,outside) tcp 1.1.1.1 3391 192.168.72.26 3389 netmask 255.255.255.255 0 0
0
 
LVL 12

Accepted Solution

by:
sarangk_14 earned 500 total points
ID: 20313998
I may be completely wrong here as I haven't worked on a PIX firewall for over a year, but wouldn't it be easy to just say :
no static (inside,outside) tcp 1.1.1.1 3390 193.172.182.67 3390 netmask 255.255.255.255 0 0

and then add the command
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

As I said before my knowledge may be outdated, but I hope this helps. Comments/Suggestions/Corrections are welcome.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question