Port forwarding on a PIX 501 at 6.3

Discussion in 'Cisco' started by Kirk Goins, Dec 19, 2003.

  1. Kirk Goins

    Kirk Goins Guest

    Setup #1 Linksys router with 1 Public IP and say 12 devices on the
    inside at 192.168.100.x

    Setup #2 Cisco PIX 501 at 6.3 with 1 Public IP and say 12 devices on the
    inside at 192.168.100.x

    With setup #1 a few mouse clicks and I can map any inbound port to any
    inside address like FTP to 192.168.100.2 and SMTP to 192.168.100.3 etc
    all using the same public IP.

    With setup #2 I'm being told I can't do that and for the example just
    above I would need at least 3 IPs (1 for FTP, 1 for SMTP and 1 for all
    other traffic). Is that right?

    Thanks
     
    Kirk Goins, Dec 19, 2003
    #1

  2. In article <>,
    Kirk Goins <> wrote:
    :Setup #1 Linksys router with 1 Public IP and say 12 devices on the
    :inside at 192.168.100.x

    :Setup #2 Cisco PIX 501 at 6.3 with 1 Public IP and say 12 devices on the
    :inside at 192.168.100.x

    :With setup #1 a few mouse clicks and I can map any inbound port to any
    :inside address like FTP to 192.168.100.2 and SMTP to 192.168.100.3 etc
    :all using the same public IP.

    :With setup #2 I'm being told I can't do that and for the example just
    :above I would need at least 3 IPs (1 for FTP, 1 for SMTP and 1 for all
    :other traffic). Is that right?

    Not true. Static port forwarding became available in PIX 6.2,
    and you can configure it using the PDM graphical manager.

    The limitation is that you cannot use static port forwarding
    for telnet or one particular port used by the PIX firewall manager.
    Those two ports are grabbed by the PIX for its own use.

    static (inside, outside) tcp interface smtp 192.168.100.3 smtp
    static (inside, outside) tcp interface ftp 192.168.100.2 ftp
    static (inside, outside) tcp interface ftp-data 192.168.100.2 ftp-data


    --
    History is a pile of debris -- Laurie Anderson
     
    Walter Roberson, Dec 19, 2003
    #2
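
Added example, not part of the thread and not Cisco tooling: the `static` lines in the post above only create the translation, and on a PIX an inbound connection is still dropped unless the access list bound to the outside interface permits it. This Python script reads a PIX 6.x configuration and reports which interface port forwards are actually reachable from outside. The sample config is constructed: the ACL name `outside_in`, the `access-list`/`access-group` lines and the telnet forward to 192.168.100.4 are assumptions, and the script assumes `access-list` rules rather than `conduit` statements.

```python
import re

# Constructed sample: the post's three forwards plus assumed companion lines.
# The ACL name "outside_in" and the telnet forward to .4 are hypothetical.
SAMPLE_CONFIG = """\
static (inside, outside) tcp interface smtp 192.168.100.3 smtp
static (inside, outside) tcp interface ftp 192.168.100.2 ftp
static (inside, outside) tcp interface ftp-data 192.168.100.2 ftp-data
static (inside, outside) tcp interface telnet 192.168.100.4 telnet
access-list outside_in permit tcp any interface outside eq smtp
access-list outside_in permit tcp any interface outside eq 21
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"static \(inside,\s*outside\) (tcp|udp) interface (\S+) "
                       r"(\d+\.\d+\.\d+\.\d+) (\S+)")
ACL_RE = re.compile(r"access-list (\S+) permit (tcp|udp) any "
                    r"(?:any|interface outside) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")

# Port keywords used on this page, so that "21" and "ftp" compare equal.
PORT_NAMES = {"20": "ftp-data", "21": "ftp", "23": "telnet", "25": "smtp"}


def norm(port):
    return PORT_NAMES.get(port, port)


def exposure(config):
    """List each interface port forward with its reachability from outside."""
    forwards, permits, bound = [], set(), None
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            forwards.append((m[1], norm(m[2]), m[3], norm(m[4])))
        elif m := ACL_RE.match(line):
            permits.add((m[1], m[2], norm(m[3])))
        elif m := GROUP_RE.match(line):
            bound = m[1]  # only the ACL bound to the outside interface counts
    report = []
    for proto, public, host, private in forwards:
        if (proto, public) == ("tcp", "telnet"):
            status = "reserved"  # per the post: the PIX keeps telnet for itself
        elif (bound, proto, public) in permits:
            status = "open"      # translated and permitted inbound
        else:
            status = "closed"    # translated, but no inbound permit
        report.append((public, f"{host}:{private}", status))
    return report
```

Run against a saved copy of the running configuration, the "open" rows are the inside hosts the single public IP exposes; "closed" rows are forwards that exist but receive no inbound traffic.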

  3. Kirk Goins

    Kirk Goins Guest

    Thanks I'll test it tonight

    Walter Roberson wrote:

    > In article <>,
    > Kirk Goins <> wrote:
    > :Setup #1 Linksys router with 1 Public IP and say 12 devices on the
    > :inside at 192.168.100.x
    >
    > :Setup #2 Cisco PIX 501 at 6.3 with 1 Public IP and say 12 devices on the
    > :inside at 192.168.100.x
    >
    > :With setup #1 a few mouse clicks and I can map any inbound port to any
    > :inside address like FTP to 192.168.100.2 and SMTP to 192.168.100.3 etc
    > :all using the same public IP.
    >
    > :With setup #2 I'm being told I can't do that and for the example just
    > :above I would need at least 3 IPs (1 for FTP, 1 for SMTP and 1 for all
    > :other traffic). Is that right?
    >
    > Not true. Static port forwarding became available in PIX 6.2,
    > and you can configure it using the PDM graphical manager.
    >
    > The limitation is that you cannot use static port forwarding
    > for telnet or one particular port used by the PIX firewall manager.
    > Those two ports are grabbed by the PIX for its own use.
    >
    > static (inside, outside) tcp interface smtp 192.168.100.3 smtp
    > static (inside, outside) tcp interface ftp 192.168.100.2 ftp
    > static (inside, outside) tcp interface ftp-data 192.168.100.2 ftp-data
    >
    >
     
    Kirk Goins, Dec 20, 2003
    #3
  4. Kirk Goins

    yoda

    Joined:
    Jul 25, 2006
    Messages:
    2
    Location:
    Planet Earth
    I need to allow a program through the PIX to a statically assigned IP on the inside at a specific port #. When I set it up... it blocks all internet traffic. Clearly I am doing something wrong...
    Anyone care to assist??
     
    yoda, Jul 25, 2006
    #4
  5. Kirk Goins

    yoda

    Joined:
    Jul 25, 2006
    Messages:
    2
    Location:
    Planet Earth
    >
    > :With setup #2 I'm being told I can't do that and for the example just
    > :above I would need at least 3 IPs (1 for FTP, 1 for SMTP and 1 for all
    > :other traffic). Is that right?
    >
    > Not true. Static port forwarding became available in PIX 6.2,
    > and you can configure it using the PDM graphical manager.
    HOW?!?!?!

    > The limitation is that you cannot use static port forwarding
    > for telnet or one particular port used by the PIX firewall manager.
    > Those two ports are grabbed by the PIX for its own use.
    Shouldn't be a problem...
    >
    > static (inside, outside) tcp interface smtp 192.168.100.3 smtp
    > static (inside, outside) tcp interface ftp 192.168.100.2 ftp
    > static (inside, outside) tcp interface ftp-data 192.168.100.2 ftp-data
    This is command line syntax I believe... fine, but how do I do it in the PDM??
     
    yoda, Jul 25, 2006
    #5
  6. Kirk Goins

    no7

    Joined:
    Oct 12, 2008
    Messages:
    1
    Location:
    Sofia, Bulgaria
    Hi everybody. My first post in the forum and I believe the last one.

    You are good, signal. Thank you. I'm calling myself a Cisco pro but you are way better. I almost gave up on port forwarding with that 501 with the 6.3.5 OS. Thanks to your post, now everything works just great.

    I registered in the forum just to tell you - thank you. Also thanks to everybody else for the nice posts. It's been helpful.

    My configuration is below in case somebody will need it for future reference. By the way, my outside interface has DHCP set up and gets its IP directly from the cable modem.

    I'm posting the GUI version because my CLI is identical to signal's except for the IPs, of course.

    [Four GUI configuration screenshots; images not preserved]
     
    no7, Oct 12, 2008
    #6