Need help with STATIC command!

Discussion in 'Cisco' started by JackBlack, Jun 1, 2007.

  1. JackBlack

    JackBlack Guest

    Hi, all! Using a PIX 515e (IOS 12.3)...

    Basically, I need to be able to translate (STATIC command) any traffic
    from a given subnet (167.68.6.0) on a given port (5000) to a single
    inside IP (10.1.1.1) and port (5000). My hangup at this point is the
    subnet masks, I think. On one side I have to use a mask of .0, but I
    need a mask of .255 on the inside specifically. Will the below STATIC
    work for me?

    static (inside, outside) tcp 10.1.1.1 5000 167.68.6.0 5000 netmask 255.255.255.255

    Essentially, any port 5000 traffic on the outside subnet (all 255
    possible machines) has to be sent to a single device on the inside
    subnet.

    Is this do-able? Thanks!
    Jack
     
    JackBlack, Jun 1, 2007
    #1

  2. Chad Mahoney

    Chad Mahoney Guest

    JackBlack wrote:
    > Hi, all! Using a PIX 515e (IOS 12.3)...
    >


    Sorry, the PIX does not run on IOS 12.3, please paste a show version
    from the firewall.
     
    Chad Mahoney, Jun 1, 2007
    #2

  3. JackBlack

    JackBlack Guest

    You're correct, my bad. It's running 6.3(4). Sorry, was looking at
    something else when I wrote the original post.

    So, what do you think about my question?

    Thanks,
    Jack


    On Jun 1, 10:30 am, Chad Mahoney <0ney.com> wrote:
    > JackBlack wrote:
    > > Hi, all! Using a PIX 515e (IOS 12.3)...

    >
    > Sorry, the PIX does not run on IOS 12.3, please paste a show version
    > from the firewall.
     
    JackBlack, Jun 1, 2007
    #3
  4. In article <>,
    JackBlack <> wrote:
    >Hi, all! Using a PIX 515e (IOS 12.3)...


    >Basically, I need to be able to translate (STATIC command) any traffic
    >from a given subnet (167.68.6.0) on a given port (5000) to a single
    >inside IP (10.1.1.1) and port (5000).


    You can't do that in the way it is phrased.

    >Essentially, any port 5000 traffic on the outside subnet (all 255
    >possible machines) has to be sent to a single device on the inside
    >subnet.


    access-list six5000 permit tcp host 10.1.1.1 eq 5000 167.68.6.0 255.255.255.0
    static (inside,outside) tcp interface 5000 10.1.1.1 5000 access-list six5000

    This presumes that the public IP that those 167.68.6.0 hosts are
    talking to, that represents 10.1.1.1 to the outside world, is your
    outside interface IP. If not, replace the word 'interface' with the
    public IP.

    I'm not completely sure this will work. I'd have to think back and try
    to remember exactly how statics with access-lists work, which is not
    well documented. I did get clarification from the TAC at one point,
    but I no longer have access to that case.
     
    Walter Roberson, Jun 2, 2007
    #4
