Newbie help with port forward

Discussion in 'Cisco' started by Matthew Kerner, Oct 22, 2003.

  1. I was handed a new client and they recently purchased a Pix 501 (totally
    overkill for them). All I really need to do is have a port forward command
    to let us administer the server with vnc (5900).
    I tried to add the line:
    static (inside, outside) tcp 66.180.111.170 5900 192.168.1.150 5900 netmask 255.255.255.255 0 0
    but it didn't work. It was in the config and I wrote it to mem but I still
    couldn't get in.
    Also, I didn't write any of this config. I am familiar with the 2600's or
    67x's etc but don't know the Pix.
    Could someone look over this config and tell me what's up?
    Thanks.
    What are the lines I marked with the * doing?

    PIX Version 6.1(4)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password F2izeCCM7gqR/Ut7 encrypted
    passwd 7qFKWNrYgAU4ASQj encrypted
    hostname pixfirewall
    domain-name ciscopix.com
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 1720
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    name 192.168.1.145 Chris
    name 66.180.111.171 Tracking
    access-list ipsec permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    *access-list outside_access_in permit udp any eq 22335 any
    *access-list outside_access_in permit udp any eq 17335 any
    pager lines 24
    logging on
    interface ethernet0 10baset
    interface ethernet1 10full
    mtu outside 1500
    mtu inside 1500
    ip address outside 66.180.111.170 255.255.255.248
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 0.0.0.0 255.255.255.0 outside
    pdm location 0.0.0.0 255.255.255.0 inside
    pdm location Chris 255.255.255.255 inside
    pdm location Tracking 255.255.255.255 outside
    pdm location 192.168.2.0 255.255.255.0 inside
    pdm location 192.168.2.0 255.255.255.0 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    *static (inside,outside) Tracking Chris netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 66.180.111.169 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    no sysopt route dnat
    crypto ipsec transform-set avalanche esp-des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 3600
    crypto map forsberg 21 ipsec-isakmp
    crypto map forsberg 21 match address ipsec
    crypto map forsberg 21 set peer 64.233.84.122
    crypto map forsberg 21 set transform-set avalanche
    crypto map forsberg interface outside
    isakmp enable outside
    isakmp key ******** address 64.233.84.122 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 21 authentication pre-share
    isakmp policy 21 encryption des
    isakmp policy 21 hash md5
    isakmp policy 21 group 1
    isakmp policy 21 lifetime 86400
    telnet 192.168.1.0 255.255.255.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    dhcpd address 192.168.1.20-192.168.1.51 inside
    dhcpd dns 66.180.96.12 64.238.96.12
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside
    terminal width 80
    Cryptochecksum:850cf549ca4bbdd64f5be8cb8799f99d
    pixfirewall# sh ont
    Type help or '?' for a list of available commands.

    help.
    Matthew Kerner, Oct 22, 2003
    #1