port forward through the pix

I have to transofrm the port that is comming through the pix to another port to be served to the web server.

I have a pub ip of xxx.xxx.xxx.xxxx with standard port 80
I have made a dns entry on network solutions to point test.mdvnf.com to this IP address
I need my managers to hit this web address and have the pix transform the port to port 4000 to deliver to the hosting server for the app...
I have tried the following with no luck
static (inside,outside) tcp 207.68.36.120 www 128.1.0.30 4000 netmask 255.255.255.255 0 0
redcell5Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jcs5003Commented:
Can you post your pix config ?
Did you add an ACL entry for this as well?
0
redcell5Author Commented:
yes on acl....
Santized config....
PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable
hostname MDVPix
domain-name MDVNF.COM
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
no names
access-list 100 permit ip 128.1.0.0 255.255.0.0 128.1.200.0 255.255.255.0
access-list 100 permit ip 128.5.0.0 255.255.0.0 128.1.200.0 255.255.255.0
access-list 100 permit ip 128.9.0.0 255.255.0.0 128.1.200.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging facility 23
logging host inside 128.1.0.90
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 207.68.36.126 255.255.255.240
ip address inside 128.1.0.13 255.255.0.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnclients 128.1.200.1-128.1.200.50
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pdm location 128.1.0.14 255.255.255.255 inside
pdm location 128.1.0.15 255.255.255.255 inside
pdm location 128.1.0.27 255.255.255.255 inside
pdm location 128.1.0.28 255.255.255.255 inside
pdm location 128.1.0.96 255.255.255.255 inside
pdm location 128.1.0.171 255.255.255.255 inside
pdm location 128.2.0.0 255.255.0.0 inside
pdm location 128.5.0.0 255.255.0.0 inside
pdm location 128.8.0.0 255.255.0.0 inside
pdm location 128.4.0.0 255.255.0.0 inside
pdm location 128.9.0.0 255.255.0.0 inside
pdm location 128.1.1.4 255.255.255.255 inside
pdm location 128.7.0.0 255.255.0.0 inside
pdm location 128.3.0.0 255.255.0.0 inside
pdm location 128.1.50.1 255.255.255.255 inside
pdm location 128.1.50.2 255.255.255.255 inside
pdm location 128.1.1.1 255.255.255.255 inside
pdm location 128.1.0.16 255.255.255.255 inside
pdm location 128.6.0.0 255.255.0.0 inside
pdm logging errors 100
pdm history enable
arp timeout 14400
global (outside) 1 207.68.36.121-207.68.36.123
global (outside) 1 207.68.36.124
nat (inside) 0 access-list 100
nat (inside) 1 128.1.0.0 255.255.0.0 0 0
nat (inside) 1 128.2.0.0 255.255.0.0 0 0
nat (inside) 1 128.3.0.0 255.255.0.0 0 0
nat (inside) 1 128.4.0.0 255.255.0.0 0 0
nat (inside) 1 128.5.0.0 255.255.0.0 0 0
nat (inside) 1 128.6.0.0 255.255.0.0 0 0
nat (inside) 1 128.7.0.0 255.255.0.0 0 0
nat (inside) 1 128.8.0.0 255.255.0.0 0 0
nat (inside) 1 128.9.0.0 255.255.0.0 0 0
static (inside,outside) tcp 207.68.36.120 www 128.1.0.30 4000 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.117 128.1.1.4 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.119 128.1.0.27 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.118 128.1.0.171 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.125 128.1.0.16 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.116 128.1.0.9 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.115 128.1.0.15 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.114 128.1.0.14 netmask 255.255.255.255 0 0
conduit permit tcp host 207.68.36.114 eq www any
conduit permit tcp host 207.68.36.114 eq 443 any
conduit permit tcp host 207.68.36.115 eq www any
conduit permit tcp host 207.68.36.115 eq 443 any
conduit permit tcp host 207.68.36.116 eq smtp any
conduit permit tcp host 207.68.36.116 eq www any
conduit permit tcp host 207.68.36.116 eq pop3 any
conduit permit tcp host 207.68.36.116 eq 443 any
conduit permit tcp host 207.68.36.114 eq 2024 any
conduit permit tcp host 207.68.36.114 eq 4000 any
conduit permit tcp host 207.68.36.118 eq 2024 any
conduit permit tcp host 207.68.36.118 eq 2044 any
conduit permit tcp host 207.68.36.118 eq 2048 any
conduit permit tcp host 207.68.36.118 eq 4000 any
conduit permit tcp host 207.68.36.119 eq 2024 any
conduit permit tcp host 207.68.36.119 eq 4000 any
conduit permit tcp host 207.68.36.118 eq www any
conduit permit tcp host 207.68.36.119 eq www any
conduit permit tcp host 207.68.36.120 eq smtp any
conduit permit tcp host 207.68.36.120 eq www any
conduit permit tcp host 207.68.36.120 eq pop3 any
conduit permit tcp host 207.68.36.120 eq 443 any
conduit permit tcp host 207.68.36.119 eq 2044 any
conduit permit tcp host 207.68.36.119 eq 2048 any
conduit permit tcp host 207.68.36.114 eq 2044 any
conduit permit tcp host 207.68.36.114 eq 2048 any
conduit permit tcp host 207.68.36.117 eq 4080 any
conduit permit tcp host 207.68.36.117 eq 4443 any
conduit permit tcp host 207.68.36.125 eq 443 any
conduit permit tcp host 207.68.36.120 eq 4000 any
outbound   1 permit 128.1.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.2.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.5.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.8.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.4.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.9.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.7.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.3.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.6.0.0 255.255.0.0 0 tcp
outbound   1 deny 0.0.0.0 0.0.0.0 0 tcp
apply (inside) 1 outgoing_src
route outside 0.0.0.0 0.0.0.0 207.68.36.113 1
route inside 128.2.0.0 255.255.0.0 128.1.250.0 1
route inside 128.3.0.0 255.255.0.0 128.1.250.0 1
route inside 128.4.0.0 255.255.0.0 128.1.250.0 1
route inside 128.5.0.0 255.255.0.0 128.1.250.0 1
route inside 128.6.0.0 255.255.0.0 128.1.250.0 1
route inside 128.7.0.0 255.255.0.0 128.1.250.0 1
route inside 128.8.0.0 255.255.0.0 128.1.250.0 1
route inside 128.9.0.0 255.255.0.0 128.1.250.0 1
timeout xlate 24:00:00
timeout conn 12:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server radius-authport 1812
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 128.1.0.11 timeout 5
http server enable
http 128.1.0.96 255.255.255.255 inside
http 128.1.50.1 255.255.255.255 inside
http 128.1.50.2 255.255.255.255 inside
snmp-server host inside 128.1.0.90
snmp-server location Norfolk
snmp-server contact Netops 757-858-9440

snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set MDVTRANS esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map MDVMAP 10 set transform-set MDVTRANS
crypto dynamic-map MDVMAP 20 set transform-set MDVTRANS
crypto dynamic-map dynmap 10 set transform-set myset
crypto map MDVMAP1 10 ipsec-isakmp dynamic MDVMAP
crypto map MDVMAP1 client configuration address initiate
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication partnerauth
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local vpnclients outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 128.1.0.16 255.255.255.255 inside
telnet 128.1.50.1 255.255.255.255 inside
telnet 128.1.50.2 255.255.255.255 inside
telnet 128.1.250.0 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.