Cisco Pix-501 Port Forwarding Problem

Discussion in 'Hardware' started by darren.eurolink, Aug 1, 2007.

  1. darren.eurolink

    darren.eurolink

    Hi,

    Total novice here needing someone to point me in the right direction.

    I am trying to add a port forward to the above PIX and as far as I can see it is set up fine, but it is not working.

    I need access to port 5011 from a static IP *external ip* to 192.168.16.33

    I can telnet to the port I need internally but not externally?

    Here is the config I added:

    name *external ip* display
    name 192.168.16.33 opmdisplay
    access-list acl_out permit tcp host display host opmdisplay eq 5011
    static (inside,outside) tcp opmdisplay 5011 opmdisplay 5011 netmask 255.255.255.255 0 0
    route outside display 255.255.255.255 192.168.0.4 1
    clear xlate
    clear arp
    clear local
    write mem
    reboot

    All of the above is in the same format as all the existing PIX settings, and they all work fine.

    Many thanks in advance

    Daz
     
    darren.eurolink, Aug 1, 2007
    #1

  2. darren.eurolink

    hungeduardo

    Hi Darren, did you add the command

    access-group acl_out in interface outside
     
    hungeduardo, Sep 4, 2007
    #2

  3. darren.eurolink

    Greeley

    The config is not correct.

    Basically, anyone trying to go to public IP x.x.x.x should be directed to inside IP address y.y.y.y.
    So static NAT, an ACL, and apply it.

    static (inside,outside) tcp x.x.x.x 5011 y.y.y.y 5011 netmask 255.255.255.255

    The ACL is wrong too. It needs to be whatever sits on the internet, so say that is 1.1.1.1 and the outside PIX address is 2.2.2.2: when 1.1.1.1 wants to talk to 2.2.2.2 on port 443, it will hit the access list, and that will be applied inbound on the outside port.
    That route outside command is not needed. Just take it out.

    --G
     
    Last edited: Dec 16, 2007
    Greeley, Dec 16, 2007
    #3
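
The corrections from both replies combined into one PIX 6.x configuration, as an added example that is not part of any post above. 203.0.113.10 (given the hypothetical name pixpublic) stands in for the PIX's public address and 198.51.100.25 for the remote client's static address, both constructed placeholders, and it assumes acl_out is the only ACL meant to be bound to the outside interface.

```cisco
: Constructed placeholders: 198.51.100.25 = remote client, 203.0.113.10 = PIX public address
: "pixpublic" is a hypothetical name added for this example
name 198.51.100.25 display
name 192.168.16.33 opmdisplay
name 203.0.113.10 pixpublic

: Remove the original entries: the static mapped the inside address to itself,
: the ACL matched the private address, and the host route is not needed
no static (inside,outside) tcp opmdisplay 5011 opmdisplay 5011 netmask 255.255.255.255 0 0
no access-list acl_out permit tcp host display host opmdisplay eq 5011
no route outside display 255.255.255.255 192.168.0.4 1

: Port redirection: public address, port 5011 -> inside host, port 5011
static (inside,outside) tcp pixpublic 5011 opmdisplay 5011 netmask 255.255.255.255 0 0

: Inbound ACL on PIX 6.x matches the public (translated) destination address;
: the source stays limited to the single remote host
access-list acl_out permit tcp host display host pixpublic eq 5011

: Bind the ACL inbound on the outside interface (one ACL per interface and direction)
access-group acl_out in interface outside

: Drop stale translations, then verify the mapping and the rule
clear xlate
show static
show access-list acl_out
```

If the public address is the outside interface's own address, PIX 6.x takes the keyword `interface` in place of the address in the static command. A rising hitcnt on the acl_out line in `show access-list` confirms the remote host's traffic is reaching the rule.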