NAT/PAT, Port Redirection On Cisco PIX

Discussion in 'Cisco' started by Thomas, Sep 3, 2004.

  1. Thomas

    Thomas Guest

    I have a simple network set-up and yet I'm stumped that I can't get port
    redirection going on it.

    Quick topology:

    Internet
    |
    Cable Modem
    |
    Cisco PIX (1.2.3.4/10.0.0.6)
    |
    Various Clients (10.0.0.0/24)

    One of the clients (10.0.0.7) serves up http while another (10.0.0.3)
    serves up smtp. The address space is 10.0.0.0. With a Linksys router,
    this seemed to be a no-brainer - simply specify what port to forward the
    address to.

    Outbound connectivity seems to be no problem, so I know there is no
    cabling problem.

    From the CLI, I issue the command
    >static (inside, outside) tcp interface 80 10.0.0.7 80
    >write memory


    But when I attempt to access http://1.2.3.4, the connection times out.
    What am I missing?

    Please help,
    Robert
    Thomas, Sep 3, 2004
    #1
    1. Advertising

  2. Thomas

    PES Guest

    "Thomas" <> wrote in message
    news:psRZc.92174$9d6.29582@attbi_s54...
    >I have a simple network set-up and yet I'm stumped that I can't get port
    >redirection going on it.
    >
    > Quick topology:
    >
    > Internet
    > |
    > Cable Modem
    > |
    > Cisco PIX (1.2.3.4/10.0.0.6)
    > |
    > Various Clients (10.0.0.0/24)
    >
    > One of the clients (10.0.0.7) serves up http while another (10.0.0.3)
    > serves up smtp. The address space is 10.0.0.0. With a Linksys router,
    > this seemed to be a no-brainer - simply specify what port to forward the
    > address to.
    >
    > Outbound connectivity seems to be no problem, so I know there is no
    > cabling problem.
    >
    > From the CLI, I issue the command
    > >static (inside, outside) tcp interface 80 10.0.0.7 80
    > >write memory

    >
    > But when I attempt to access http://1.2.3.4, the connection times out.
    > What am I missing?
    >
    > Please help,
    > Robert


    You also need to add the entry to your outside access-list. I'm shooting
    from the hip, so my syntax may not be perfect. Here is an example, if your
    outside acl is named out_in

    access-list out_in permit tcp any host 1.2.3.4 eq 80

    If you currently have no outside acl, you could take the above example then
    apply inbound by doing the following

    access-group out_in in interface outside

    Also worth noting, you cannot test this from your network. You must be
    outside. You will not be able to hit 1.2.3.4 from behind your pix.
    PES, Sep 3, 2004
    #2
    1. Advertising

  3. Thomas

    Josh Guest

    Did you create an access-list??

    access-list In_Outside permit tcp any host 1.2.3.4 eq 80
    access-group In_Outside in interface outside

    Josh
    Thomas <> wrote in message news:<PsRZc.92174$9d6.29582@attbi_s54>...
    > I have a simple network set-up and yet I'm stumped that I can't get port
    > redirection going on it.
    >
    > Quick topology:
    >
    > Internet
    > |
    > Cable Modem
    > |
    > Cisco PIX (1.2.3.4/10.0.0.6)
    > |
    > Various Clients (10.0.0.0/24)
    >
    > One of the clients (10.0.0.7) serves up http while another (10.0.0.3)
    > serves up smtp. The address space is 10.0.0.0. With a Linksys router,
    > this seemed to be a no-brainer - simply specify what port to forward the
    > address to.
    >
    > Outbound connectivity seems to be no problem, so I know there is no
    > cabling problem.
    >
    > From the CLI, I issue the command
    > >static (inside, outside) tcp interface 80 10.0.0.7 80
    > >write memory

    >
    > But when I attempt to access http://1.2.3.4, the connection times out.
    > What am I missing?
    >
    > Please help,
    > Robert
    Josh, Sep 3, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Memnoch
    Replies:
    0
    Views:
    530
    Memnoch
    Jul 17, 2003
  2. staalejg
    Replies:
    1
    Views:
    511
    Walter Roberson
    Jul 17, 2003
  3. staalejg
    Replies:
    0
    Views:
    467
    staalejg
    Jul 17, 2003
  4. Jocelyn
    Replies:
    0
    Views:
    464
    Jocelyn
    Jul 17, 2003
  5. staalejg
    Replies:
    0
    Views:
    1,309
    staalejg
    Jul 17, 2003
Loading...

Share This Page