Can you do static translation/port forwarding on Nat'ed IP on a PIX?

Discussion in 'Cisco' started by BitBucket, Nov 1, 2003.

  1. BitBucket

    BitBucket Guest

    Hello all. Can you do a translation to the inside, for lets say www and
    smtp and pop3 using the 1 nat'ed IP that everyone uses to get on the
    internet? This is on a PIX 515e.

    If I have confused you thouroughly, maybe this sample config will help you
    see what I am needing to know. Public IP's have been changed to protect the
    innocent.

    ip address outside 123.123.123.2 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    global (outside) 1 interface
    nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0
    0
    static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0
    0
    static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0
    0
    access-list outside_access_in permit tcp any host 123.123.123.2 eq smtp
    access-list outside_access_in permit tcp any host 123.123.123.2 eq pop3
    access-list outside_access_in permit tcp any host 123.123.123.2 eq www

    Can this be done?

    Many thanks!
     
    BitBucket, Nov 1, 2003
    #1
    1. Advertising

  2. BitBucket

    BitBucket Guest

    Ignore the 2 extra static translations. I had a brain fart. There should
    only be the 1 static with 3 access rules.

    Thanks again!


    "BitBucket" <> wrote in message
    news:bo145m$d69$...
    > Hello all. Can you do a translation to the inside, for lets say www and
    > smtp and pop3 using the 1 nat'ed IP that everyone uses to get on the
    > internet? This is on a PIX 515e.
    >
    > If I have confused you thouroughly, maybe this sample config will help you
    > see what I am needing to know. Public IP's have been changed to protect

    the
    > innocent.
    >
    > ip address outside 123.123.123.2 255.255.255.0
    > ip address inside 192.168.1.1 255.255.255.0
    > global (outside) 1 interface
    > nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    > static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255

    0
    > 0
    > static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255

    0
    > 0
    > static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255

    0
    > 0
    > access-list outside_access_in permit tcp any host 123.123.123.2 eq smtp
    > access-list outside_access_in permit tcp any host 123.123.123.2 eq pop3
    > access-list outside_access_in permit tcp any host 123.123.123.2 eq www
    >
    > Can this be done?
    >
    > Many thanks!
    >
    >
     
    BitBucket, Nov 1, 2003
    #2
    1. Advertising

  3. In article <bo145m$d69$>,
    BitBucket <> wrote:
    :Hello all. Can you do a translation to the inside, for lets say www and
    :smtp and pop3 using the 1 nat'ed IP that everyone uses to get on the
    :internet? This is on a PIX 515e.

    :If I have confused you thouroughly, maybe this sample config will help you
    :see what I am needing to know. Public IP's have been changed to protect the
    :innocent.

    :ip address outside 123.123.123.2 255.255.255.0
    :ip address inside 192.168.1.1 255.255.255.0
    :global (outside) 1 interface
    :nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    :static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0 0

    Change the outside IP address there to the literal word interface

    static (inside,outside) interface 192.168.1.5 netmask 255.255.255.255 0 0


    --
    We don't need no side effect-ing
    We don't need no scope control
    No global variables for execution
    Hey! Did you leave those args alone? -- decvax!utzoo!utcsrgv!roderick
     
    Walter Roberson, Nov 1, 2003
    #3
  4. BitBucket

    BitBucket Guest

    Thank you walter!


    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bo1h0k$c0$...
    > In article <bo145m$d69$>,
    > BitBucket <> wrote:
    > :Hello all. Can you do a translation to the inside, for lets say www and
    > :smtp and pop3 using the 1 nat'ed IP that everyone uses to get on the
    > :internet? This is on a PIX 515e.
    >
    > :If I have confused you thouroughly, maybe this sample config will help

    you
    > :see what I am needing to know. Public IP's have been changed to protect

    the
    > :innocent.
    >
    > :ip address outside 123.123.123.2 255.255.255.0
    > :ip address inside 192.168.1.1 255.255.255.0
    > :global (outside) 1 interface
    > :nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    > :static (inside,outside) 123.123.123.2 192.168.1.5 netmask

    255.255.255.255 0 0
    >
    > Change the outside IP address there to the literal word interface
    >
    > static (inside,outside) interface 192.168.1.5 netmask 255.255.255.255 0 0
    >
    >
    > --
    > We don't need no side effect-ing
    > We don't need no scope control
    > No global variables for execution
    > Hey! Did you leave those args alone? --

    decvax!utzoo!utcsrgv!roderick
     
    BitBucket, Nov 3, 2003
    #4
  5. BitBucket

    BitBucket Guest

    Thank you walter!


    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bo1h0k$c0$...
    > In article <bo145m$d69$>,
    > BitBucket <> wrote:
    > :Hello all. Can you do a translation to the inside, for lets say www and
    > :smtp and pop3 using the 1 nat'ed IP that everyone uses to get on the
    > :internet? This is on a PIX 515e.
    >
    > :If I have confused you thouroughly, maybe this sample config will help

    you
    > :see what I am needing to know. Public IP's have been changed to protect

    the
    > :innocent.
    >
    > :ip address outside 123.123.123.2 255.255.255.0
    > :ip address inside 192.168.1.1 255.255.255.0
    > :global (outside) 1 interface
    > :nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    > :static (inside,outside) 123.123.123.2 192.168.1.5 netmask

    255.255.255.255 0 0
    >
    > Change the outside IP address there to the literal word interface
    >
    > static (inside,outside) interface 192.168.1.5 netmask 255.255.255.255 0 0
    >
    >
    > --
    > We don't need no side effect-ing
    > We don't need no scope control
    > No global variables for execution
    > Hey! Did you leave those args alone? --

    decvax!utzoo!utcsrgv!roderick
     
    BitBucket, Nov 3, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul Hutchings
    Replies:
    6
    Views:
    5,065
  2. gringo2
    Replies:
    2
    Views:
    2,403
    gringo2
    Sep 17, 2004
  3. Replies:
    1
    Views:
    1,065
    News Reader
    Jul 30, 2008
  4. Greg
    Replies:
    0
    Views:
    3,731
  5. Replies:
    0
    Views:
    1,272
Loading...

Share This Page