Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > PIX and mapping ports

Reply
Thread Tools

PIX and mapping ports

 
 
Kirk Goins
Guest
Posts: n/a
 
      12-05-2003
I've got my CCNA and have started playing with a PIX501. I've setup a
couple of Client to PIX and site to site (PIX to PIX) vpns and have them
working fine. I've done all this using PDM 3.0 and PIX 6.3 .

Now I want to do some port forwarding. I used a lot of defaults when
cfg'g the PIXs that set them up for "PAT". The current cfg works great
going out but I'm having a problem getting a few ports to forward.
the cfg is

216.x.x.x PIX 192.168.1.1 and the rest of the internal is 192.168.1.x
I want to forward FTP and FTP-data to 192.168.1.6 and will want to do
other ports to other internal IPs.

Was PAT the correct option to map a single public IP to several internal
IPs by port? or should I have used one of the NAT options?

Thanks


 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      12-05-2003
In article <(E-Mail Removed)>,
Kirk Goins <(E-Mail Removed)> wrote:
IX 6.3 .

:Now I want to do some port forwarding. I used a lot of defaults when
:cfg'g the PIXs that set them up for "PAT". The current cfg works great
:going out but I'm having a problem getting a few ports to forward.
:the cfg is

:216.x.x.x PIX 192.168.1.1 and the rest of the internal is 192.168.1.x
:I want to forward FTP and FTP-data to 192.168.1.6 and will want to do
ther ports to other internal IPs.

:Was PAT the correct option to map a single public IP to several internal
:IPs by port? or should I have used one of the NAT options?

PAT is what you need to MAP several internal IPs to a single public IP,
but it isn't what is needed to arrange access from outside inward --
you need port forwarding for that.

static (inside, outside) tcp interface ftp 192.168.1.6 ftp netmask 255.255.255.255 0 0
static (inside, outside) tcp interface ftp-data 192.168.1.6 ftp-data netmask 255.255.255.255 0 0
static (inside, outside) tcp interface smtp 192.168.1.25 smtp netmask 255.255.255.255 0 0
access-list out2in permit tcp any interface eq ftp
access-list out2in permit tcp any interface eq ftp-data
access-list out2in permit tcp any interface eq smtp
access-group out2in in interface outside
clear xlate
--
WW{Backus,Church,Dijkstra,Knuth,Hollerith,Turing,v onNeumann}D ?
 
Reply With Quote
 
 
 
 
Rik Bain
Guest
Posts: n/a
 
      12-05-2003
On Fri, 05 Dec 2003 16:21:32 -0600, Walter Roberson wrote:

> PAT is what you need to MAP several internal IPs to a single public IP,
> but it isn't what is needed to arrange access from outside inward -- you
> need port forwarding for that.
>


Also known as "static PAT".....
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mapping IP/MAC to Ports Carl Hilton Cisco 1 06-06-2008 05:37 PM
Recommendations Please for a PCI card w/ two USB 2 Ports and FireWaire Ports Mike Digital Photography 27 02-26-2006 12:54 AM
mapping range of ports on Cisco SOHO 77 Mofoshaweng Cisco 4 03-26-2005 05:14 PM
Pix to pix vpn problem, mapping windows drive Jo Christian Buvarp Cisco 1 06-21-2004 04:47 PM
port mapping for a range of ports mofoshaweng Cisco 5 04-02-2004 05:25 AM



Advertisments