Port Forwarding

Discussion in 'Cisco' started by J. Giddings, Jan 12, 2004.

  1. J. Giddings

    J. Giddings Guest

    Ok, here goes. We have a pretty interesting thing going here, and I
    need some advice on how to set up the port mappings.

    I have an internal machine that acts as a relay server for some
    applications on our AS400 server. Two outside entities have to access
    the relay machine. One (Company A) already uses it and it works
    great. Another (Company B) needs to start accessing it as well.

    I have my groups setup in the PIX as follows -

    object-group network relayusers
    network-object <CompanyA-ip1> 255.255.255.255
    network-object <CompanyA-ip2> 255.255.255.255
    network-object <CompanyB-ip1> 255.255.255.255
    network-object (CompanyB-ip2> 255.255.255.255
    object-group service relayports tcp
    port-object eq www
    port-object range 1023 65535

    Access list looks like this (relevant only) -

    access-list 100 permit tcp object-group relayusers host <static>
    object-group relayports

    Now I run into the difficult part. Company A comes in, according to
    their documentation, on the static I gave them, using ports >1023. No
    problem, this works just fine. The relay server on my network sits on
    port 2080, so up until this point I have not needed to do any port
    redirection. Enter Company B.

    Company B needs to come in on port 4080, and I cannot open a second
    port on the relay server's software, so I need to do some port
    redirection. Re-assigning the port on the relay server is possible,
    but then I would have to rework the connection on the AS/400 as well
    as Company A.

    I have the following static mapping already in place -

    static (inside,outside) <static> <relayinternalip> netmask
    255.255.255.255 0 0

    If I try to add a static with port mapping, then it chokes and tells
    me it overlaps with the exisiting static mapping.

    I hope I have given enough information here. Any suggestions?
    J. Giddings, Jan 12, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QW5keSBU?=

    Port forwarding problems with SP2

    =?Utf-8?B?QW5keSBU?=, Mar 28, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    541
    =?Utf-8?B?QW5keSBU?=
    Mar 29, 2005
  2. Corbin O'Reilly

    [HELP] Cisco PIX 515 Port Forwarding

    Corbin O'Reilly, Sep 26, 2003, in forum: Cisco
    Replies:
    4
    Views:
    8,179
    Walter Roberson
    Sep 26, 2003
  3. Salus

    Cisco PIX Port Forwarding

    Salus, Oct 20, 2003, in forum: Cisco
    Replies:
    2
    Views:
    5,175
    Jyri Korhonen
    Oct 20, 2003
  4. Salus
    Replies:
    4
    Views:
    2,046
    Aaron Woody
    Oct 21, 2003
  5. ToyalP2
    Replies:
    7
    Views:
    1,471
    ToyalP2
    Jan 7, 2008
Loading...

Share This Page