Solved

cisco pix nat example

Posted on 2009-07-12
3
884 Views
Last Modified: 2012-05-07
I need people outside to access my PC on port 5500 for a VNC support session.  I use the PDM to program the PIX because I'm not so good with the text mode stuff.  There's nothing special about the config but I'll post it below.
:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password eIgg6R0McudbqlW5 encrypted

passwd eIgg6R0McudbqlW5 encrypted

hostname whitt

domain-name fccgi

clock timezone PST -8

clock summer-time PDT recurring

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

name 192.168.22.22 DavePC

access-list inside_access_in permit icmp any any

access-list inside_access_in permit ip any any

access-list outside_access_in permit icmp any any

no pager

logging on

icmp permit any outside

icmp permit any inside

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside 192.168.22.250 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location DavePC 255.255.255.255 inside

pdm logging warnings 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

ntp authenticate

ntp server 195.177.253.180 source outside prefer

http server enable

http 0.0.0.0 0.0.0.0 outside

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server community zob

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 5

console timeout 0

dhcpd address 192.168.22.50-192.168.22.74 inside

dhcpd dns 192.168.24.1 192.168.24.2

dhcpd wins 192.168.24.1 192.168.24.2

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain fccgi.com

dhcpd enable inside

vpnclient server 65.126.59.194

vpnclient mode network-extension-mode

vpnclient vpngroup Van password ********

vpnclient enable

terminal width 80

Cryptochecksum:66f3dbde07037d32c62ff62b11e7ecc5

: end

Open in new window

0
Comment
Question by:davehansen22
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 24835506
Hi,

Use the folowing:

access-list outside_access_in permit tcp any interface outside eq 5500
static (inside,outside) udp interface 5500 192.168.22.22  5500 netmask 255.255.255.255

BEst regards,
Istvan
0
 

Author Comment

by:davehansen22
ID: 24836375
Thank you very much....but in the second line, did you mean to say "udp"?
0
 

Author Comment

by:davehansen22
ID: 24836414
I changed it to "tcp" and it works quite well.  Thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco NBAR 6 31
Cisco RSTP portfast 3 49
Cisco prime 3 34
syslog id vs. msg 2 20
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
A short film showing how OnPage and Connectwise integration works.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now