Help please - PIX501

Discussion in 'Cisco' started by MC, Oct 24, 2004.

  1. MC

    MC Guest

    Guys & Girls
    First of all I'm sorry if this is the wrong group, please suggest a more
    suitable one if there is one.

    I'm trying to set up a PIX 501 in a small office as follows:

    We have a public IP range, for arguements sake:

    212.37.38.202-206
    Gateway 212.37.38.254

    and a range of private ones:

    192.168.1.2-192.168.1.200

    I want to set up the PIX to use 212.37.38.202 on the outside interface and
    allow the private IP's to access the internet from the inside interface.
    The PIX will not be a DHCP server.

    I've managed to acheive this (I think) using PAT. What I want to do now is
    set up port forwarding so (for example) port 80 requests that come in on
    212.37.38.202 get forwarded to 192.168.1.99. I'd like to do this for
    various ports and various provate hosts.

    First off, is this possible or do I need other equipment?

    Any help most welcome.


    MC
    MC, Oct 24, 2004
    #1
    1. Advertising

  2. "MC" <maxcoppin@-don't-send-me-any-spam-btinternet.com> wrote:

    > What I want to do now is set up port forwarding so (for example)
    > port 80 requests that come in on 212.37.38.202 get forwarded to
    > 192.168.1.99. I'd like to do this for various ports and various
    > private hosts.


    If you want to perform port forwarding using the IP address
    of the outside interface as the global address then you need
    something like this [Pix OS 6.3(x) assumed]:

    static (inside,outside) tcp interface 80 192.168.1.99 80
    access-list acl_out permit tcp any interface outside eq 80
    access-group acl_out in interface outside

    If you want to use some other global IP you have, then
    the syntax is:

    static (inside,outside) tcp 212.37.38.203 80 192.168.1.99 80
    access-list acl_out permit tcp any host 212.37.38.203 eq 80
    access-group acl_out in interface outside
    Jyri Korhonen, Oct 24, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rik Bain

    Re: Pix501 VPN Woes - help needed

    Rik Bain, Jul 11, 2003, in forum: Cisco
    Replies:
    1
    Views:
    1,263
    Ian Easson
    Jul 16, 2003
  2. Greg
    Replies:
    0
    Views:
    449
  3. sw
    Replies:
    2
    Views:
    2,819
  4. Replies:
    7
    Views:
    1,465
    Walter Roberson
    Mar 17, 2006
  5. dmillen
    Replies:
    1
    Views:
    473
    dmillen
    Apr 2, 2010
Loading...

Share This Page