[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Pix 506 port forwarding

Posted on 2007-11-14
2
Medium Priority
?
357 Views
Last Modified: 2008-04-09
Hi,

At a customer site I have a sbs 2003 server, ip adress: 192.168.72.25
The IT company before us added the config to the Cisco Pix 503.
Port 25 and 3389 are forwarded to the SBS server.

Now I'm configuring a terminal server with ip adress: 192.168.72.26 with port 3390 opened for RDP traffic.

I've tried to enter the following config to the CISCO:

static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

When I do that i receive the following error:

 ERROR: duplicate of existing static

    from inside:sbs2003  outside:193.172.182.67 netmask 255.255.255.255
Usage:      [no] static [(real_ifc, mapped_ifc)]
            {<mapped_ip>|interface}
            {<real_ip> [netmask <mask>]} | {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]
      [no] static [(real_ifc, mapped_ifc)] {tcp|udp}
            {<mapped_ip>|interface} <mapped_port>
            {<real_ip> <real_port> [netmask <mask>]} |
            {access-list <acl_name>}
            [dns] [norandomseq] [<max_conns> [<emb_lim>]]

Please help
0
Comment
Question by:jbatavier
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Expert Comment

by:wingatesl
ID: 20279679
It looks like port 3390 is already opened to the SBS2003 Server. You will also need to correct your static.
You have this
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0
                                                                                       ^^^^This should be the real inside port for RDP (3389)
I would just use 3391, This static will forward it to 3389 on the server
static (inside,outside) tcp 1.1.1.1 3391 192.168.72.26 3389 netmask 255.255.255.255 0 0
0
 
LVL 12

Accepted Solution

by:
sarangk_14 earned 1500 total points
ID: 20313998
I may be completely wrong here as I haven't worked on a PIX firewall for over a year, but wouldn't it be easy to just say :
no static (inside,outside) tcp 1.1.1.1 3390 193.172.182.67 3390 netmask 255.255.255.255 0 0

and then add the command
static (inside,outside) tcp 1.1.1.1 3390 192.168.72.26 3390 netmask 255.255.255.255 0 0

As I said before my knowledge may be outdated, but I hope this helps. Comments/Suggestions/Corrections are welcome.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question