[HELP] Cisco PIX 515 Port Forwarding

Discussion in 'Cisco' started by Corbin O'Reilly, Sep 26, 2003.

  1. Corbin O'Reilly

    Corbin O'Reilly Guest

    Hi everyone. I have a Cisco PIX 515 and am trying to do a simple task. When
    somebody connects to an external IP address on a specific port I want it to
    direct to an internal IP on a different port. For example, if somebody
    connects to the external 215.152.16.8 on port 9386 I want it to map to port
    2516 on 192.168.1.8. I know the command to map the IP is:

    static (inside,outside) 215.152.16.8 192.168.1.8 netmask 255.255.255.255 0 0

    What is the command to redirect the ports? Does this command look right?

    static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask
    255.255.255.255 0 0

    Thanks for the help. Raven.
     
    Corbin O'Reilly, Sep 26, 2003
    #1

    1. Advertisements

  2. Corbin O'Reilly

    Walter Roberson Guest

    :Hi everyone. I have a Cisco PIX 515 and am trying to do a simple task. When
    :somebody connects to an external IP address on a specific port I want it to
    :direct to an internal IP on a different port. For example, if somebody
    :connects to the external 215.152.16.8 on port 9386 I want it to map to port
    :2516 on 192.168.1.8. I know the command to map the IP is:

    :static (inside,outside) 215.152.16.8 192.168.1.8 netmask 255.255.255.255 0 0

    :What is the command to redirect the ports? Does this command look right?

    :static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask 255.255.255.255 0 0

    Looks right to me.

    You will of course need an access-list permitting the traffic,
    applied to the outside interface via the 'access-group' command.
     
    Walter Roberson, Sep 26, 2003
    #2

    1. Advertisements

  3. Corbin O'Reilly

    Rik Bain Guest


    Just to add to Walter's statement, the release notes for 6.3.3 state that
    it is the last major release to support conduit.

    Rik Bain
     
    Rik Bain, Sep 26, 2003
    #3
  4. Corbin O'Reilly

    Corbin O'Reilly Guest

    Thanks for the reply. Please let me know if these are the commands I need to
    add.

    static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask
    255.255.255.255 0 0
    conduit permit tcp host 215.152.16.8 eq 9386 any

    I appreciate the help.
     
    Corbin O'Reilly, Sep 26, 2003
    #4
  5. Corbin O'Reilly

    Walter Roberson Guest

    :Thanks for the reply. Please let me know if these are the commands I need to
    :add.

    :static (inside,outside) tcp 215.152.16.8 9386 192.168.1.8 2516 netmask 255.255.255.255 0 0
    :conduit permit tcp host 215.152.16.8 eq 9386 any

    The extended version of 'static' has been supported since PIX 6.0(1),
    and Cisco has been recommending against using 'conduit' since PIX 5.1(2)
    or so. Cisco does not promise that conduits will function properly with
    PIX 6 features such as port forwarding. I would highly recommend
    that you use access-list and access-group instead.
     
    Walter Roberson, Sep 26, 2003
    #5

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Cisco PIX Port Forwarding

  2. PIX 515 : Problem with port forwarding

  3. Cisco Pix 515 Port forwarding range: 10000-50000 (tcp/udp)

  4. HELP With Cisco PIX 506E routing/port forwarding with SMTP?????

  5. Cisco PIX Port Forwarding - 2 Internal Web Servers

  6. cisco pix 515 port forwarding - NOT possible? hard to believe..

  7. port mapping or forwarding on Cisco Pix 506E

  8. PIX 515 to PIX 515 via Internet & IPSec, should I get a VAC?

Loading...