Can you do static translation/port forwarding on Nat'ed IP on a PIX?

Discussion in 'Cisco' started by BitBucket, Nov 1, 2003.

  1. BitBucket

    BitBucket Guest

    Hello all. Can you do a translation to the inside, for lets say www and
    smtp and pop3 using the 1 nat'ed IP that everyone uses to get on the
    internet? This is on a PIX 515e.

    If I have confused you thouroughly, maybe this sample config will help you
    see what I am needing to know. Public IP's have been changed to protect the
    innocent.

    ip address outside 123.123.123.2 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    global (outside) 1 interface
    nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0
    0
    static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0
    0
    static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0
    0
    access-list outside_access_in permit tcp any host 123.123.123.2 eq smtp
    access-list outside_access_in permit tcp any host 123.123.123.2 eq pop3
    access-list outside_access_in permit tcp any host 123.123.123.2 eq www

    Can this be done?

    Many thanks!
     
    BitBucket, Nov 1, 2003
    #1
    1. Advertisements

  2. BitBucket

    BitBucket Guest

    Ignore the 2 extra static translations. I had a brain fart. There should
    only be the 1 static with 3 access rules.

    Thanks again!
     
    BitBucket, Nov 1, 2003
    #2
    1. Advertisements

  3. :Hello all. Can you do a translation to the inside, for lets say www and
    :smtp and pop3 using the 1 nat'ed IP that everyone uses to get on the
    :internet? This is on a PIX 515e.

    :If I have confused you thouroughly, maybe this sample config will help you
    :see what I am needing to know. Public IP's have been changed to protect the
    :innocent.

    :ip address outside 123.123.123.2 255.255.255.0
    :ip address inside 192.168.1.1 255.255.255.0
    :global (outside) 1 interface
    :nat (inside) 1 192.168.1.0 255.255.255.0 0 0
    :static (inside,outside) 123.123.123.2 192.168.1.5 netmask 255.255.255.255 0 0

    Change the outside IP address there to the literal word interface

    static (inside,outside) interface 192.168.1.5 netmask 255.255.255.255 0 0
     
    Walter Roberson, Nov 1, 2003
    #3
  4. BitBucket

    BitBucket Guest

    Thank you walter!


    decvax!utzoo!utcsrgv!roderick
     
    BitBucket, Nov 3, 2003
    #4
  5. BitBucket

    BitBucket Guest

    Thank you walter!


    decvax!utzoo!utcsrgv!roderick
     
    BitBucket, Nov 3, 2003
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.