port forwarding with a pix and one ip address

Discussion in 'Cisco' started by Grey Samuels, Oct 29, 2003.

  1. Grey Samuels

    Grey Samuels Guest

    I have a pix running with one external IP address, I would like to
    port forward Terminal Services from the outside to a server inside. I
    have about ten computers on the inside of the network who have
    internet access via the same external address is this possible?
    Grey Samuels, Oct 29, 2003
    #1
    1. Advertising

  2. In article <>,
    Grey Samuels <> wrote:
    :I have a pix running with one external IP address, I would like to
    :port forward Terminal Services from the outside to a server inside. I
    :have about ten computers on the inside of the network who have
    :internet access via the same external address is this possible?

    Yes, as of PIX 6.2. Use the new extended form of the 'static' command:

    static (inside, outside) tcp interface OUTSIDEPORT INSIDEHOST INSIDEPORT netmask 255.255.255.255 0 0

    The word 'interface' should be used literally, but replace
    OUTSIDEPORT INSIDEHOST INSIDEPORT with the appropriate values.
    --
    "Infinity is like a stuffed walrus I can hold in the palm of my hand.
    Don't do anything with infinity you wouldn't do with a stuffed walrus."
    -- Dr. Fletcher, Va. Polytechnic Inst. and St. Univ.
    Walter Roberson, Oct 29, 2003
    #2
    1. Advertising

  3. Grey Samuels

    Brian Bergin Guest

    (Grey Samuels) wrote:

    |I have a pix running with one external IP address, I would like to
    |port forward Terminal Services from the outside to a server inside. I
    |have about ten computers on the inside of the network who have
    |internet access via the same external address is this possible?

    Sure. Here's how I do it:

    static (inside,outside) tcp interface 3389 192.168.100.9 3389 netmask 255.255.25
    5.255 0 0
    conduit permit tcp any eq 3389 any

    I know, conduits are getting old, but they still work. An equivalent ACL would
    be as simple to use.

    Thanks...
    Brian Bergin

    I can be reached via e-mail at
    cisco_dot_news_at_comcept_dot_net.

    Please post replies to the group so all may benefit.
    Brian Bergin, Oct 29, 2003
    #3
  4. Grey Samuels

    Brian Bergin Guest

    -cnrc.gc.ca (Walter Roberson) wrote:

    |
    |
    |static (inside, outside) tcp interface OUTSIDEPORT INSIDEHOST INSIDEPORT netmask 255.255.255.255 0 0
    |
    |The word 'interface' should be used literally, but replace
    |OUTSIDEPORT INSIDEHOST INSIDEPORT with the appropriate values.

    I find you still need a conduit or ACL for the port # to make this happen.

    Thanks...
    Brian Bergin

    I can be reached via e-mail at
    cisco_dot_news_at_comcept_dot_net.

    Please post replies to the group so all may benefit.
    Brian Bergin, Oct 29, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve
    Replies:
    5
    Views:
    6,762
    Phillip Remaker
    May 26, 2004
  2. Robert McIntosh

    Port Forwarding and PIX 501

    Robert McIntosh, Sep 2, 2004, in forum: Cisco
    Replies:
    4
    Views:
    4,133
    Walter Roberson
    Sep 4, 2004
  3. Graeme Geldenhuys
    Replies:
    2
    Views:
    4,355
    Graeme Geldenhuys
    Apr 14, 2005
  4. Sascha E. Pollok

    Quick help: PIX 501 and Port Forwarding

    Sascha E. Pollok, Aug 9, 2006, in forum: Cisco
    Replies:
    3
    Views:
    3,548
    Sascha E. Pollok
    Aug 9, 2006
  5. ToyalP2
    Replies:
    7
    Views:
    1,516
    ToyalP2
    Jan 7, 2008
Loading...

Share This Page