Inbound static on PIX with dynamic outside IP

Discussion in 'Cisco' started by Gordo, Jan 3, 2005.

  1. Gordo

    Gordo Guest

    Hi.

    TIA for any help. I have a PIX 501 in a common home office VPN config but I
    need to add inbound access to an FTP server. I only have a single outside IP
    assigned dynamically from my ISP so I am using PAT to provide inside_outside
    access.
    i.e. global (outside) 1 interface
    nat (inside) 1 0 0


    I would like to add a static mapping of my external PIX interface: port 21
    to my internal FTP server:port 21. When I do this with IOS boxes, there
    would be a problem if I assigned a static mapping of the overloaded outside
    interface to an inside server as the ftp port may be assigned twice.

    Can I just add a static mapping such as:
    static (inside, outside) TCP outside 21 <inside server ip> 21

    Is port 21 removed from the global outbound PAT ?
    Will FIXUP still sort out the FTP ?
    Do outside clients need to use PASV ?
    Am I out to lunch here?

    Thanks,

    Gordon

    PIX 501 6.3(4)
     
    Gordo, Jan 3, 2005
    #1
    1. Advertisements

  2. :I have a PIX 501
    :I only have a single outside IP
    :assigned dynamically from my ISP so I am using PAT

    :I would like to add a static mapping of my external PIX interface: port 21
    :to my internal FTP server:port 21.

    :Can I just add a static mapping such as:
    :static (inside, outside) TCP outside 21 <inside server ip> 21

    Yes.

    static (inside, outside) tcp interface ftp INSIDEIP ftp netmask 255.255.255.255

    :Is port 21 removed from the global outbound PAT ?

    Yes.

    :Will FIXUP still sort out the FTP ?

    Yes.

    :Do outside clients need to use PASV ?

    No.
     
    Walter Roberson, Jan 3, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.