«

I have a simple network set-up and yet I'm stumped that I can't get port
redirection going on it.

Quick topology:

Internet
|
Cable Modem
|
Cisco PIX (1.2.3.4/10.0.0.6)
|
Various Clients (10.0.0.0/24)

One of the clients (10.0.0.7) serves up http while another (10.0.0.3)
serves up smtp. The address space is 10.0.0.0. With a Linksys router,
this seemed to be a no-brainer - simply specify what port to forward the
address to.

Outbound connectivity seems to be no problem, so I know there is no
cabling problem.

From the CLI, I issue the command
>static (inside, outside) tcp interface 80 10.0.0.7 80
>write memory

But when I attempt to access http://1.2.3.4, the connection times out.
What am I missing?

Please help,
Robert

"Thomas" <> wrote in message
newssRZc.92174$9d6.29582@attbi_s54...
>I have a simple network set-up and yet I'm stumped that I can't get port
>redirection going on it.
>
> Quick topology:
>
> Internet
> |
> Cable Modem
> |
> Cisco PIX (1.2.3.4/10.0.0.6)
> |
> Various Clients (10.0.0.0/24)
>
> One of the clients (10.0.0.7) serves up http while another (10.0.0.3)
> serves up smtp. The address space is 10.0.0.0. With a Linksys router,
> this seemed to be a no-brainer - simply specify what port to forward the
> address to.
>
> Outbound connectivity seems to be no problem, so I know there is no
> cabling problem.
>
> From the CLI, I issue the command
> >static (inside, outside) tcp interface 80 10.0.0.7 80
> >write memory
>
> But when I attempt to access http://1.2.3.4, the connection times out.
> What am I missing?
>
> Please help,
> Robert

You also need to add the entry to your outside access-list. I'm shooting
from the hip, so my syntax may not be perfect. Here is an example, if your
outside acl is named out_in

access-list out_in permit tcp any host 1.2.3.4 eq 80

If you currently have no outside acl, you could take the above example then
apply inbound by doing the following

access-group out_in in interface outside

Also worth noting, you cannot test this from your network. You must be
outside. You will not be able to hit 1.2.3.4 from behind your pix.

Did you create an access-list??

access-list In_Outside permit tcp any host 1.2.3.4 eq 80
access-group In_Outside in interface outside

Josh
Thomas <> wrote in message news:<PsRZc.92174$9d6.29582@attbi_s54>...
> I have a simple network set-up and yet I'm stumped that I can't get port
> redirection going on it.
>
> Quick topology:
>
> Internet
> |
> Cable Modem
> |
> Cisco PIX (1.2.3.4/10.0.0.6)
> |
> Various Clients (10.0.0.0/24)
>
> One of the clients (10.0.0.7) serves up http while another (10.0.0.3)
> serves up smtp. The address space is 10.0.0.0. With a Linksys router,
> this seemed to be a no-brainer - simply specify what port to forward the
> address to.
>
> Outbound connectivity seems to be no problem, so I know there is no
> cabling problem.
>
> From the CLI, I issue the command
> >static (inside, outside) tcp interface 80 10.0.0.7 80
> >write memory
>
> But when I attempt to access http://1.2.3.4, the connection times out.
> What am I missing?
>
> Please help,
> Robert