help with port forwarding with PIX 515E

 
 
KarimMTI
03-24-2008
I need some assistance with port forwarding on my PIX 515E. I need to
forward port 6100 to my file server, but I can't get it to work. Can
anyone help me with this? The PIX is on version 6.3(1)


This is what I have now:

static (inside,outside) tcp x.x.x.x 6100 192.168.1.12 6100 netmask 255.255.255.255 0 0
access-list outside permit tcp any host x.x.x.x eq 6100

Thanks in advance
 
Walter Roberson
03-24-2008
KarimMTI wrote:
>I need some assistance with port forwarding on my PIX 515E. I need to
>forward port 6100 to my file server, but I can't get it to work. Can
>anyone help me with this? The PIX is on version 6.3(1)


Note: 6.3(1) through 6.3(5) have security problems sufficient that
if you are the registered owner of the system (e.g., not an eBay
acquisition) then you are entitled to a free upgrade to a later 6.3(5)*
rebuild.


>This is what I have now:
>
>static (inside,outside) tcp x.x.x.x 6100 192.168.1.12 6100 netmask 255.255.255.255 0 0
>access-list outside permit tcp any host x.x.x.x eq 6100


And of course

access-group outside in interface outside

The above syntax would work provided that host x.x.x.x was NOT
the same as the external interface IP address. If you are trying
to NAT the external interface IP address, you would need to use

static (inside,outside) tcp interface 6100 192.168.1.12 6100 netmask 255.255.255.255 0 0
access-list outside permit tcp any interface outside eq 6100
access-group outside in interface outside

The words 'interface' and 'interface outside' there are literals.

The requirement to use 'interface' changed in 7.0, I understand.
 
KarimMTI
03-24-2008
On Mar 24, 3:14 pm, Walter Roberson wrote:
> KarimMTI wrote:
> >I need some assistance with port forwarding on my pix 515E. I need to
> >forward port 6100 to my file server, but i can't get it to work. Can
> >anyone help me with this? The pix is on version 6.3(1)
>
> Note: 6.3(1) through 6.3(5) have security problems sufficient that
> if you are the registered owner of the system (e.g., not an ebay
> acquisition) then you are entitled to a free upgrade to a later 6.3(5)*
> rebuild.
>
> >this is what i have now:
> >static (inside,outside) tcp x.x.x.x 6100 192.168.1.12 6100 netmask 255.255.255.255 0 0
> >access-list outside permit tcp any host x.x.x.x eq 6100
>
> And of course
>
> access-group outside in interface outside
>
> The above syntax would work provided that host x.x.x.x was NOT
> the same as the external interface IP address. If you are trying
> to NAT the external interface IP address, you would need to use
>
> static (inside,outside) tcp interface 6100 192.168.1.12 6100 netmask 255.255.255.255 0 0
> access-list outside permit tcp any interface outside eq 6100
> access-group outside in interface outside
>
> The word 'interface' and 'interface outside' there are literals.
>
> The requirement to use 'interface' changed in 7.0, I understand.



First let me mention by saying, if it's not already obvious, that my
knowledge of Cisco is limited... so with that being said...

I don't understand when you say "host x.x.x.x should NOT be same as
external interface IP address". What should it be then?

There is a static route plugged in:
static (inside,outside) x.x.x.x 192.168.1.12 netmask 255.255.255.255 0 0

So I thought that x.x.x.x should be the same for "access-list outside
permit tcp any host x.x.x.x eq 6100"
 
Walter Roberson
03-25-2008
KarimMTI wrote:

>I don't understand when you say "host x.x.x.x should NOT be same as
>external interface IP address". What should it be then?


I am saying that in PIX 6, if the IP address you are trying to NAT
into is the IP address of the PIX external interface, then you cannot
use the commands you had, and instead need to use the slightly different
commands I showed (that use the keyword 'interface' instead of
the interface IP address).

If the IP address you are trying to NAT into is -different- than
the PIX external interface IP address, then the commands you had
are fine (provided you have "access-group outside in interface outside").
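
An added example, not written by any poster in this thread: a small Python check that audits a PIX 6.x config for the three conditions discussed above (the static PAT entry, a matching access-list permit, and an access-group applying that list to the outside interface), and flags a static that uses the outside interface's own IP literally instead of the 'interface' keyword. The function name, the sample configs and the 203.0.113.x addresses are constructed for illustration; it assumes the outside address is set with an `ip address outside <ip> <mask>` line.

```python
import re

# PIX 6.x line shapes used in the thread (numeric ports only, one command per line).
STATIC_RE = re.compile(r"^static \(inside,outside\) tcp (\S+) (\d+) (\S+) (\d+)", re.M)
ACL_RE = re.compile(r"^access-list (\S+) permit tcp any (host \S+|interface outside) eq (\d+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside", re.M)
OUTSIDE_IP_RE = re.compile(r"^ip address outside (\S+)", re.M)

def audit_port_forwards(config):
    """Return a list of findings for each TCP port forward (hypothetical helper)."""
    m = OUTSIDE_IP_RE.search(config)
    outside_ip = m.group(1) if m else None
    bound = set(GROUP_RE.findall(config))   # ACL names applied inbound on outside
    acls = ACL_RE.findall(config)           # (name, destination, port) tuples
    findings = []
    for glob, gport, local, lport in STATIC_RE.findall(config):
        label = f"{glob}:{gport} -> {local}:{lport}"
        # Per the thread: on PIX 6 the interface's own IP needs the 'interface' keyword.
        if glob == outside_ip:
            findings.append(f"{label}: global address is the outside interface IP; use the 'interface' keyword")
        target = "interface outside" if glob == "interface" else f"host {glob}"
        matching = [name for name, dst, port in acls if dst == target and port == gport]
        if not matching:
            findings.append(f"{label}: no access-list permits tcp to {target} eq {gport}")
        elif not bound.intersection(matching):
            findings.append(f"{label}: access-list {matching[0]} is not applied with access-group")
    return findings

# Constructed sample configs (documentation addresses, not from the thread).
BROKEN = """ip address outside 203.0.113.2 255.255.255.0
static (inside,outside) tcp 203.0.113.2 6100 192.168.1.12 6100 netmask 255.255.255.255 0 0
access-list outside permit tcp any host 203.0.113.2 eq 6100
"""
FIXED = """ip address outside 203.0.113.2 255.255.255.0
static (inside,outside) tcp interface 6100 192.168.1.12 6100 netmask 255.255.255.255 0 0
access-list outside permit tcp any interface outside eq 6100
access-group outside in interface outside
"""

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_port_forwards(cfg) or "no findings")
```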

 