Pix 506 port forwarding

Hi,

At a customer site I have a sbs 2003 server, ip adress: 192.168.72.25
The IT company before us added the config to the Cisco Pix 503.
Port 25 and 3389 are forwarded to the SBS server.

Now I'm configuring a terminal server with ip adress: 192.168.72.26 with port 3390 opened for RDP traffic.

I've tried to enter the following config to the CISCO:

static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

When I do that i receive the following error:

 ERROR: duplicate of existing static

    from inside:sbs2003  outside:193.172.182.67 netmask 255.255.255.255
Usage:      [no] static [(real_ifc, mapped_ifc)]
            {<mapped_ip>|interface}
            {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]
      [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
            {<mapped_ip>|interface} <mapped_port>
            {<real_ip> <real_port> [netmask <mask>]} |
            {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]

Please help
jbatavierAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
sarangk_14Connect With a Mentor Commented:
I may be completely wrong here as I haven't worked on a PIX firewall for over a year, but wouldn't it be easy to just say :
no static (inside,outside) tcp 1.1.1.1 3390 193.172.182.67 3390 netmask 255.255.255.255 0 0

and then add the command
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

As I said before my knowledge may be outdated, but I hope this helps. Comments/Suggestions/Corrections are welcome.
0
 
wingateslCommented:
It looks like port 3390 is already opened to the SBS2003 Server. You will also need to correct your static.
You have this
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0
                                                                                       ^^^^This should be the real inside port for RDP (3389)
I would just use 3391, This static will forward it to 3389 on the server
static (inside,outside) tcp 1.1.1.1 3391 192.168.72.26 3389 netmask 255.255.255.255 0 0
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.