Solved

port forward through the pix

Posted on 2008-11-03
Last Modified: 2012-06-22
I have to transform the port that is coming through the pix to another port to be served to the web server.

I have a pub ip of xxx.xxx.xxx.xxxx with standard port 80
I have made a dns entry on network solutions to point test.mdvnf.com to this IP address
I need my managers to hit this web address and have the pix transform the port to port 4000 to deliver to the hosting server for the app...
I have tried the following with no luck
static (inside,outside) tcp 207.68.36.120 www 128.1.0.30 4000 netmask 255.255.255.255 0 0
Question by:redcell5
2 Comments
 
Assisted Solution

by:jcs5003
ID: 22871752
Can you post your pix config?
Did you add an ACL entry for this as well?
Accepted Solution

by:redcell5
ID: 22875570
yes on acl....
Sanitized config....
PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable
hostname MDVPix
domain-name MDVNF.COM
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
no names
access-list 100 permit ip 128.1.0.0 255.255.0.0 128.1.200.0 255.255.255.0
access-list 100 permit ip 128.5.0.0 255.255.0.0 128.1.200.0 255.255.255.0
access-list 100 permit ip 128.9.0.0 255.255.0.0 128.1.200.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging facility 23
logging host inside 128.1.0.90
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 207.68.36.126 255.255.255.240
ip address inside 128.1.0.13 255.255.0.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnclients 128.1.200.1-128.1.200.50
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pdm location 128.1.0.14 255.255.255.255 inside
pdm location 128.1.0.15 255.255.255.255 inside
pdm location 128.1.0.27 255.255.255.255 inside
pdm location 128.1.0.28 255.255.255.255 inside
pdm location 128.1.0.96 255.255.255.255 inside
pdm location 128.1.0.171 255.255.255.255 inside
pdm location 128.2.0.0 255.255.0.0 inside
pdm location 128.5.0.0 255.255.0.0 inside
pdm location 128.8.0.0 255.255.0.0 inside
pdm location 128.4.0.0 255.255.0.0 inside
pdm location 128.9.0.0 255.255.0.0 inside
pdm location 128.1.1.4 255.255.255.255 inside
pdm location 128.7.0.0 255.255.0.0 inside
pdm location 128.3.0.0 255.255.0.0 inside
pdm location 128.1.50.1 255.255.255.255 inside
pdm location 128.1.50.2 255.255.255.255 inside
pdm location 128.1.1.1 255.255.255.255 inside
pdm location 128.1.0.16 255.255.255.255 inside
pdm location 128.6.0.0 255.255.0.0 inside
pdm logging errors 100
pdm history enable
arp timeout 14400
global (outside) 1 207.68.36.121-207.68.36.123
global (outside) 1 207.68.36.124
nat (inside) 0 access-list 100
nat (inside) 1 128.1.0.0 255.255.0.0 0 0
nat (inside) 1 128.2.0.0 255.255.0.0 0 0
nat (inside) 1 128.3.0.0 255.255.0.0 0 0
nat (inside) 1 128.4.0.0 255.255.0.0 0 0
nat (inside) 1 128.5.0.0 255.255.0.0 0 0
nat (inside) 1 128.6.0.0 255.255.0.0 0 0
nat (inside) 1 128.7.0.0 255.255.0.0 0 0
nat (inside) 1 128.8.0.0 255.255.0.0 0 0
nat (inside) 1 128.9.0.0 255.255.0.0 0 0
static (inside,outside) tcp 207.68.36.120 www 128.1.0.30 4000 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.117 128.1.1.4 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.119 128.1.0.27 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.118 128.1.0.171 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.125 128.1.0.16 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.116 128.1.0.9 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.115 128.1.0.15 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.114 128.1.0.14 netmask 255.255.255.255 0 0
conduit permit tcp host 207.68.36.114 eq www any
conduit permit tcp host 207.68.36.114 eq 443 any
conduit permit tcp host 207.68.36.115 eq www any
conduit permit tcp host 207.68.36.115 eq 443 any
conduit permit tcp host 207.68.36.116 eq smtp any
conduit permit tcp host 207.68.36.116 eq www any
conduit permit tcp host 207.68.36.116 eq pop3 any
conduit permit tcp host 207.68.36.116 eq 443 any
conduit permit tcp host 207.68.36.114 eq 2024 any
conduit permit tcp host 207.68.36.114 eq 4000 any
conduit permit tcp host 207.68.36.118 eq 2024 any
conduit permit tcp host 207.68.36.118 eq 2044 any
conduit permit tcp host 207.68.36.118 eq 2048 any
conduit permit tcp host 207.68.36.118 eq 4000 any
conduit permit tcp host 207.68.36.119 eq 2024 any
conduit permit tcp host 207.68.36.119 eq 4000 any
conduit permit tcp host 207.68.36.118 eq www any
conduit permit tcp host 207.68.36.119 eq www any
conduit permit tcp host 207.68.36.120 eq smtp any
conduit permit tcp host 207.68.36.120 eq www any
conduit permit tcp host 207.68.36.120 eq pop3 any
conduit permit tcp host 207.68.36.120 eq 443 any
conduit permit tcp host 207.68.36.119 eq 2044 any
conduit permit tcp host 207.68.36.119 eq 2048 any
conduit permit tcp host 207.68.36.114 eq 2044 any
conduit permit tcp host 207.68.36.114 eq 2048 any
conduit permit tcp host 207.68.36.117 eq 4080 any
conduit permit tcp host 207.68.36.117 eq 4443 any
conduit permit tcp host 207.68.36.125 eq 443 any
conduit permit tcp host 207.68.36.120 eq 4000 any
outbound   1 permit 128.1.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.2.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.5.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.8.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.4.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.9.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.7.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.3.0.0 255.255.0.0 0 tcp
outbound   1 permit 128.6.0.0 255.255.0.0 0 tcp
outbound   1 deny 0.0.0.0 0.0.0.0 0 tcp
apply (inside) 1 outgoing_src
route outside 0.0.0.0 0.0.0.0 207.68.36.113 1
route inside 128.2.0.0 255.255.0.0 128.1.250.0 1
route inside 128.3.0.0 255.255.0.0 128.1.250.0 1
route inside 128.4.0.0 255.255.0.0 128.1.250.0 1
route inside 128.5.0.0 255.255.0.0 128.1.250.0 1
route inside 128.6.0.0 255.255.0.0 128.1.250.0 1
route inside 128.7.0.0 255.255.0.0 128.1.250.0 1
route inside 128.8.0.0 255.255.0.0 128.1.250.0 1
route inside 128.9.0.0 255.255.0.0 128.1.250.0 1
timeout xlate 24:00:00
timeout conn 12:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server radius-authport 1812
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 128.1.0.11 timeout 5
http server enable
http 128.1.0.96 255.255.255.255 inside
http 128.1.50.1 255.255.255.255 inside
http 128.1.50.2 255.255.255.255 inside
snmp-server host inside 128.1.0.90
snmp-server location Norfolk
snmp-server contact Netops 757-858-9440

snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set MDVTRANS esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map MDVMAP 10 set transform-set MDVTRANS
crypto dynamic-map MDVMAP 20 set transform-set MDVTRANS
crypto dynamic-map dynmap 10 set transform-set myset
crypto map MDVMAP1 10 ipsec-isakmp dynamic MDVMAP
crypto map MDVMAP1 client configuration address initiate
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication partnerauth
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local vpnclients outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 128.1.0.16 255.255.255.255 inside
telnet 128.1.50.1 255.255.255.255 inside
telnet 128.1.50.2 255.255.255.255 inside
telnet 128.1.250.0 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
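
Added example (not part of the original thread and not either poster's code): a small Python check for the question jcs5003 raises, pairing each conduit permit with the static translation behind it and listing permits that have no translation at all. It assumes PIX 6.x semantics, where a conduit names the outside (global) address and port; SAMPLE is an excerpt constructed from the config posted above, and audit, port and PORT_NAMES are hypothetical names.

```python
import re

# Constructed sample: a few static/conduit lines taken from the posted config.
SAMPLE = """\
static (inside,outside) tcp 207.68.36.120 www 128.1.0.30 4000 netmask 255.255.255.255 0 0
static (inside,outside) 207.68.36.114 128.1.0.14 netmask 255.255.255.255 0 0
conduit permit tcp host 207.68.36.114 eq www any
conduit permit tcp host 207.68.36.114 eq 4000 any
conduit permit tcp host 207.68.36.120 eq www any
conduit permit tcp host 207.68.36.120 eq pop3 any
conduit permit tcp host 207.68.36.120 eq 4000 any
"""

# Port keywords used in the sample only (assumption: extend for other configs).
PORT_NAMES = {"www": 80, "smtp": 25, "pop3": 110}

STATIC_PAT = re.compile(r"^static \(\w+,\w+\) tcp (\S+) (\S+) (\S+) (\S+)")
STATIC_NAT = re.compile(r"^static \(\w+,\w+\) (\d\S*) (\d\S*)")
CONDUIT = re.compile(r"^conduit permit tcp host (\S+) eq (\S+) any")

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def audit(config):
    """Return (reachable, dead): conduits backed by a static, and conduits with none."""
    pat, nat, reachable, dead = {}, {}, [], []
    lines = [l.strip() for l in config.splitlines()]
    for l in lines:
        if m := STATIC_PAT.match(l):        # port redirect: global ip/port -> local ip/port
            pat[(m[1], port(m[2]))] = (m[3], port(m[4]))
        elif m := STATIC_NAT.match(l):      # one-to-one static: every port maps unchanged
            nat[m[1]] = m[2]
    for l in lines:
        if not (m := CONDUIT.match(l)):
            continue
        key = (m[1], port(m[2]))
        if key in pat:
            reachable.append((key, pat[key]))
        elif m[1] in nat:
            reachable.append((key, (nat[m[1]], key[1])))
        else:
            dead.append(key)                # permit exists, nothing translates it
    return reachable, dead

if __name__ == "__main__":
    ok, dead = audit(SAMPLE)
    print("reachable:", ok)
    print("no translation:", dead)
```

On this excerpt the www permit for 207.68.36.120 resolves to 128.1.0.30 port 4000, while the pop3 and 4000 permits for the same address have no static behind them.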