I've hit a bit of a brick wall trying to configure my new firewall,
and I'm looking for some direction, as what I want to do wasn't
really covered in the training course.
I want to do an inbound NAT on an IP address which is contained
in a subnet which is also on the PIX and turn it into an internal
address - but ONLY for selected ports.
It looks something like this {Warning: Bad ASCII drawing follows}

        Internet
           |
           |
        Firewall
         |    |
         |    |
        DMZ   |
           Internal

The DMZ has an IP address range - call it 172.16.78.192/28. The
Inside has 10.67.0.0/16. I want to take IP address 172.16.78.199
and translate it to 10.67.97.10 but ONLY if connections come in
on ports 25, 110 or 80 directed to this address only {incoming
on those ports to other addresses should be sent elsewhere}.
The addresses in the DMZ are non-RFC1918, and match the subnet
mask specified.
Basically, I want an inbound connection attempt on port 25 directed to
the external .199 address to be translated and connected to the internal
.10 address.
Anyone wanna throw a hint my way? I'm being lazy and using the
ASDM module to give me a GUI configuration, but I'll dial into
the command line if necessary and put the commands in manually
if someone can clue me in. PIX 515E in use, running 7.0.1 software,
unrestricted license.
Thanks
DaZZa
--
A rule for life.
echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlb xq |dc
Address in header is spamblocked. ROT13 the following for email replies