PIX 515 : Problem with port forwarding

Discussion in 'Cisco' started by Renaud, Feb 19, 2004.

  Renaud


    I would be really pleased if someone could help me with a problem I have
    with port forwarding (PIX 515):

    What I am trying to do is pretty simple: forward everything coming to
    the outside address O.U.T.S/8888 to the DMZ host D.M.Z.I/22.

    To do this, I tried the following commands:

    static (dmz, outside) tcp O.U.T.S 8888 D.M.Z.I 22 netmask
    access-list acl_out permit tcp any host O.U.T.S eq 8888
    access-group acl_out in interface outside

    These commands do not work: it seems the address translation is OK,
    but the packets are forwarded to the DMZ host with port 8888 instead
    of port 22. I logged the following:

    %PIX-6-302013: Built inbound TCP connection 5340295 for
    outside: ( to dmz:D.M.Z.I/7500

    Does anybody have an explanation (or a solution for my problem!) to
    this??
    Thanks in advance for your help!
    Renaud, Feb 19, 2004
  gaetano


    nat(dmz) 1 subnet_dmz netmask_dmz
    global (outside) 1 interface
    clear xlate
    gaetano, Feb 19, 2004
  Renaud


    It worked fine!
    Thanks a lot for your help!

    In fact, I only cleared xlates, since the DMZ subnet was already NATed
    (on another public address...)

    Renaud, Feb 20, 2004
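
One way to confirm from syslog that the forward lands on the intended DMZ port, for instance before and after `clear xlate` (an added example, not part of the thread). It assumes the complete 302013 layout with the mapped address in parentheses; the addresses stand in for O.U.T.S and D.M.Z.I, and the log lines are constructed.

```python
import re

# Assumed 302013 layout ("Built inbound TCP connection"):
#   for <if>:<real>/<port> (<mapped>/<port>) to <if>:<real>/<port> (<mapped>/<port>)
BUILT = re.compile(
    r"%PIX-6-302013: Built inbound TCP connection (?P<id>\d+) for "
    r"(?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) \([\d.]+/\d+\) to "
    r"(?P<dst_if>\w+):(?P<real>[\d.]+)/(?P<rport>\d+) "
    r"\((?P<mapped>[\d.]+)/(?P<mport>\d+)\)"
)

# Intended static PAT: (mapped address, mapped port) -> (real address, real port).
# Constructed placeholders for O.U.T.S/8888 -> D.M.Z.I/22.
EXPECTED = {("203.0.113.10", 8888): ("192.168.10.5", 22)}

# Constructed sample lines: a mis-forwarded connection, a correct one,
# an unrelated translation, and a truncated line like the one in the post.
SAMPLE = [
    "%PIX-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/40112 "
    "(198.51.100.7/40112) to dmz:192.168.10.5/8888 (203.0.113.10/8888)",
    "%PIX-6-302013: Built inbound TCP connection 1002 for outside:198.51.100.7/40113 "
    "(198.51.100.7/40113) to dmz:192.168.10.5/22 (203.0.113.10/8888)",
    "%PIX-6-302013: Built inbound TCP connection 1003 for outside:198.51.100.9/51000 "
    "(198.51.100.9/51000) to dmz:192.168.10.6/80 (203.0.113.11/80)",
    "%PIX-6-302013: Built inbound TCP connection 1004 for outside: ( to dmz:192.168.10.5/7500",
]


def misforwarded(lines, expected=EXPECTED):
    """Return (connection id, endpoint seen, endpoint expected) for connections
    to a forwarded address/port that were built towards a different endpoint."""
    findings = []
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue  # other message IDs, or a line too truncated to judge
        want = expected.get((m["mapped"], int(m["mport"])))
        got = (m["real"], int(m["rport"]))
        if want is not None and got != want:
            findings.append((int(m["id"]), got, want))
    return findings


if __name__ == "__main__":
    for conn_id, got, want in misforwarded(SAMPLE):
        print(f"connection {conn_id}: built to {got}, expected {want}")
```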
