PIX and mapping ports

Discussion in 'Cisco' started by Kirk Goins, Dec 5, 2003.

  1. Kirk Goins

    Kirk Goins Guest

    I've got my CCNA and have started playing with a PIX501. I've set up a
    couple of client-to-PIX and site-to-site (PIX to PIX) VPNs and have them
    working fine. I've done all this using PDM 3.0 and PIX 6.3.

    Now I want to do some port forwarding. I used a lot of defaults when
    cfg'g the PIXs that set them up for "PAT". The current cfg works great
    going out, but I'm having a problem getting a few ports to forward.
    The cfg is

    216.x.x.x PIX 192.168.1.1 and the rest of the internal is 192.168.1.x
    I want to forward FTP and FTP-data to 192.168.1.6 and will want to do
    other ports to other internal IPs.

    Was PAT the correct option to map a single public IP to several internal
    IPs by port? or should I have used one of the NAT options?

    Thanks
     
    Kirk Goins, Dec 5, 2003
    #1

  2. In article <>,
    Kirk Goins <> wrote:
    :PIX 6.3 .

    :Now I want to do some port forwarding. I used a lot of defaults when
    :cfg'g the PIXs that set them up for "PAT". The current cfg works great
    :going out but I'm having a problem getting a few ports to forward.
    :the cfg is

    :216.x.x.x PIX 192.168.1.1 and the rest of the internal is 192.168.1.x
    :I want to forward FTP and FTP-data to 192.168.1.6 and will want to do
    :other ports to other internal IPs.

    :Was PAT the correct option to map a single public IP to several internal
    :IPs by port? or should I have used one of the NAT options?

    PAT is what you need to MAP several internal IPs to a single public IP,
    but it isn't what is needed to arrange access from outside inward --
    you need port forwarding for that.

    static (inside,outside) tcp interface ftp 192.168.1.6 ftp netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface ftp-data 192.168.1.6 ftp-data netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface smtp 192.168.1.25 smtp netmask 255.255.255.255 0 0
    access-list out2in permit tcp any interface outside eq ftp
    access-list out2in permit tcp any interface outside eq ftp-data
    access-list out2in permit tcp any interface outside eq smtp
    access-group out2in in interface outside
    clear xlate
    --
    WW{Backus,Church,Dijkstra,Knuth,Hollerith,Turing,vonNeumann}D ?
     
    Walter Roberson, Dec 5, 2003
    #2

  3. Rik Bain

    Rik Bain Guest

    On Fri, 05 Dec 2003 16:21:32 -0600, Walter Roberson wrote:

    > PAT is what you need to MAP several internal IPs to a single public IP,
    > but it isn't what is needed to arrange access from outside inward -- you
    > need port forwarding for that.
    >


    Also known as "static PAT".....
     
    Rik Bain, Dec 5, 2003
    #3
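
An added example, not part of the thread or any poster's code: a Python check that reads a PIX 6.3 configuration and reports which static PAT forwards on the outside interface are actually permitted by an access list bound with access-group, which forwards have no matching permit, and which permits have no forward behind them. The sample configuration is constructed (the telnet and www entries are invented), and the parser assumes the `interface outside` form of the ACL destination.

```python
import re

# Constructed sample in PIX 6.3 syntax, modelled on the reply above; the
# telnet forward and the www permit are invented to show the mismatch cases.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface ftp 192.168.1.6 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.25 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface telnet 192.168.1.9 telnet netmask 255.255.255.255 0 0
access-list out2in permit tcp any interface outside eq ftp
access-list out2in permit tcp any interface outside eq smtp
access-list out2in permit tcp any interface outside eq www
access-group out2in in interface outside
"""

STATIC_RE = re.compile(
    r"^static \((\w+),\s*(\w+)\) (tcp|udp) interface (\S+) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) any interface (\w+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)")


def audit(config, outside="outside"):
    """Return (exposed, blocked, unused) for static PAT on `outside`."""
    forwards, permits, bound = {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, port, host, host_port = m.groups()
            if mapped_if == outside:
                forwards[(proto, port)] = (host, host_port)
        elif m := ACL_RE.match(line):
            acl, proto, ifname, port = m.groups()
            if ifname == outside:
                permits.add((acl, proto, port))
        elif m := GROUP_RE.match(line):
            if m.group(2) == outside:
                bound.add(m.group(1))
    # Only ACLs applied with access-group filter traffic on the interface.
    allowed = {(p, port) for acl, p, port in permits if acl in bound}
    exposed = {k: v for k, v in forwards.items() if k in allowed}
    blocked = {k: v for k, v in forwards.items() if k not in allowed}
    unused = sorted(allowed - set(forwards))
    return exposed, blocked, unused


if __name__ == "__main__":
    labels = ("EXPOSED", "NO ACL", "NO STATIC")
    for label, result in zip(labels, audit(SAMPLE_CONFIG)):
        print(label, result)
```

Run against a saved configuration, the "exposed" set is the inventory of internal hosts reachable from outside; the other two sets point at forwards that will not work and permits left over from removed forwards.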