[HELP] Cisco PIX 515 Port Forwarding

 
 
Corbin O'Reilly
      09-26-2003
Hi everyone. I have a Cisco PIX 515 and am trying to do a simple task. When
somebody connects to an external IP address on a specific port I want it to
direct to an internal IP on a different port. For example, if somebody
connects to the external 215.152.16.8 on port 9386 I want it to map to port
2516 on 192.168.1.8. I know the command to map the IP is:

static (inside,outside) 215.152.16.8 192.168.1.8 netmask 255.255.255.255 0 0

What is the command to redirect the ports? Does this command look right?

static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask 255.255.255.255 0 0

Thanks for the help. Raven.


 
Walter Roberson
      09-26-2003
Corbin O'Reilly wrote:
:Hi everyone. I have a Cisco PIX 515 and am trying to do a simple task. When
:somebody connects to an external IP address on a specific port I want it to
:direct to an internal IP on a different port. For example, if somebody
:connects to the external 215.152.16.8 on port 9386 I want it to map to port
:2516 on 192.168.1.8. I know the command to map the IP is:

:static (inside,outside) 215.152.16.8 192.168.1.8 netmask 255.255.255.255 0 0

:What is the command to redirect the ports? Does this command look right?

:static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask 255.255.255.255 0 0

Looks right to me.

You will of course need an access-list permitting the traffic,
applied to the outside interface via the 'access-group' command.
--
"WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG"
WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG. (GEB)
 
Rik Bain
      09-26-2003
On Sat, 27 Sep 2003 02:39:25 +0600, Walter Roberson wrote:

> The extended version of 'static' has been supported since PIX 6.0(1),
> and Cisco has been recommending against using 'conduit' since PIX 5.1(2)
> or so. Cisco does not promise that conduits will function properly with
> PIX 6 features such as port forwarding. I would highly recommend that
> you use access-list and access-group instead.



Just to add to Walter's statement, the release notes for 6.3.3 state that
it is the last major release to support conduit.

Rik Bain
 
 
Corbin O'Reilly
      09-26-2003
Thanks for the reply. Please let me know if these are the commands I need to
add.

static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask 255.255.255.255 0 0
conduit permit tcp host 215.152.16.8 eq 9386 any

I appreciate the help.


"Walter Roberson" wrote in message:
> Corbin O'Reilly wrote:
> :Hi everyone. I have a Cisco PIX 515 and am trying to do a simple task. When
> :somebody connects to an external IP address on a specific port I want it to
> :direct to an internal IP on a different port. For example, if somebody
> :connects to the external 215.152.16.8 on port 9386 I want it to map to port
> :2516 on 192.168.1.8. I know the command to map the IP is:
>
> :static (inside,outside) 215.152.16.8 192.168.1.8 netmask 255.255.255.255 0 0
>
> :What is the command to redirect the ports? Does this command look right?
>
> :static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask 255.255.255.255 0 0
>
> Looks right to me.
>
> You will of course need an access-list permitting the traffic,
> applied to the outside interface via the 'access-group' command.
> --
> "WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG"
> WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG. (GEB)



 
Walter Roberson
      09-26-2003
Corbin O'Reilly wrote:
:Thanks for the reply. Please let me know if these are the commands I need to
:add.

:static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask 255.255.255.255 0 0
:conduit permit tcp host 215.152.16.8 eq 9386 any

The extended version of 'static' has been supported since PIX 6.0(1),
and Cisco has been recommending against using 'conduit' since PIX 5.1(2)
or so. Cisco does not promise that conduits will function properly with
PIX 6 features such as port forwarding. I would highly recommend
that you use access-list and access-group instead.
--
And the wind keeps blowing the angel / Backwards into the future /
And this wind, this wind / Is called / Progress.
-- Laurie Anderson
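
Added example, not part of any post in this thread: a small Python check of the access-list/access-group setup recommended above, run over two constructed PIX 6.x configurations. The ACL name `acl_outside`, the sample configs and the `audit` helper are assumptions, and the check only understands simple `permit <proto> <source> host <ip> eq <port>` entries.

```python
import re

# Constructed PIX 6.x samples; the ACL name acl_outside is an assumption.
STATIC = ("static (inside,outside) tcp 215.152.16.8 9386 "
          "192.168.1.8 2516 netmask 255.255.255.255 0 0\n")
LEGACY = STATIC + "conduit permit tcp host 215.152.16.8 eq 9386 any\n"
RECOMMENDED = STATIC + (
    "access-list acl_outside permit tcp any host 215.152.16.8 eq 9386\n"
    "access-group acl_outside in interface outside\n")

# Port-redirect static: (real_if,mapped_if) proto ext_ip ext_port int_ip int_port
STATIC_RE = re.compile(r"^static \(\w+,(\w+)\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
# Simple permit entries only: permit proto <source> host <dest> eq <port>
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) (?:any|host \S+) host (\S+) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)")


def audit(config):
    """Return findings for conduit use and port-redirect statics lacking an ACL permit."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = [f"legacy conduit in use: {ln}"
                for ln in lines if ln.startswith("conduit ")]
    # interface name -> ACL applied inbound on it
    bound = {m.group(2): m.group(1) for m in map(GROUP_RE.match, lines) if m}
    # (acl name, protocol, destination ip, destination port)
    permits = {m.groups() for m in map(ACL_RE.match, lines) if m}
    for m in filter(None, map(STATIC_RE.match, lines)):
        iface, proto, ext_ip, ext_port = m.group(1, 2, 3, 4)
        acl = bound.get(iface)
        if acl is None:
            findings.append(f"no access-group bound to interface {iface}")
        # On PIX 6.x the ACL matches the external address and port (9386 here),
        # not the internal host and port behind the static.
        elif (acl, proto, ext_ip, ext_port) not in permits:
            findings.append(f"{acl} has no permit for {proto} {ext_ip}:{ext_port}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("recommended", RECOMMENDED)):
        print(name, audit(cfg) or "OK")
```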
 