PIX 515 : Problem with port forwarding

Discussion in 'Cisco' started by Renaud, Feb 19, 2004.

  1. Renaud

    Renaud Guest

    I would be really pleased if someone could help me on a problem I have
    with port forwarding (PIX 515):

    What I am trying to do is pretty simple: forward everything coming to
    the outside address O.U.T.S/8888 to the DMZ host D.M.Z.I/22.

    To do this, I tried the following commands:

    static (dmz, outside) tcp O.U.T.S 8888 D.M.Z.I 22 netmask 255.255.255.255
    access-list acl_out permit tcp any host O.U.T.S eq 8888
    access-group acl_out in interface outside


    These commands do not work: it seems the address translation is OK,
    but the packets are forwarded to the DMZ host with port 8888 instead
    of port 22. I log the following:

    %PIX-6-302013: Built inbound TCP connection 5340295 for outside:81.57.0.176/60239 (81.57.0.176/60239) to dmz:D.M.Z.I/7500 (O.U.T.S/7500)

    Does anybody have an explanation (or a solution for my problem!) for
    this?
    Thanks in advance for your help!
     
    Renaud, Feb 19, 2004
    #1

  2. Renaud

    gaetano Guest

    try
    nat (dmz) 1 subnet_dmz netmask_dmz
    global (outside) 1 interface
    clear xlate
     
    gaetano, Feb 19, 2004
    #2

  3. Renaud

    Renaud Guest

    It worked fine!
    Thanks a lot for your help!

    In fact, I only cleared xlates, since the DMZ subnet was already NATed
    (on another public address...)

    Renaud
     
    Renaud, Feb 20, 2004
    #3
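
Added example, not part of the original thread: a small Python check that reads PIX 302013 "Built inbound TCP connection" records and reports any connection whose real destination does not match the intended static port mapping, which is the symptom described in the first post. The addresses, connection ids and the `STATIC_PAT` table are constructed stand-ins for the thread's masked O.U.T.S and D.M.Z.I values.

```python
import re

# PIX syslog 302013 layout, as in the log line quoted in the thread:
#   Built inbound TCP connection <id> for <if>:<ip>/<port> (<ip>/<port>)
#   to <if>:<real ip>/<real port> (<mapped ip>/<mapped port>)
BUILT_RE = re.compile(
    r"%PIX-6-302013: Built inbound TCP connection (?P<conn>\d+) for "
    r"\S+?:[\d.]+/\d+ \([\d.]+/\d+\) to "
    r"\S+?:(?P<real_ip>[\d.]+)/(?P<real_port>\d+) "
    r"\((?P<mapped_ip>[\d.]+)/(?P<mapped_port>\d+)\)"
)

# Intended mappings: (mapped ip, mapped port) -> (real ip, real port).
# Constructed values; substitute the addresses from your own static rules.
STATIC_PAT = {("203.0.113.10", 8888): ("192.0.2.22", 22)}

# Constructed sample records: one with the port left untranslated,
# one translated as the static rule intends.
SAMPLE = [
    "%PIX-6-302013: Built inbound TCP connection 101 for "
    "outside:198.51.100.7/60239 (198.51.100.7/60239) to "
    "dmz:192.0.2.22/8888 (203.0.113.10/8888)",
    "%PIX-6-302013: Built inbound TCP connection 102 for "
    "outside:198.51.100.7/60244 (198.51.100.7/60244) to "
    "dmz:192.0.2.22/22 (203.0.113.10/8888)",
]


def check_line(line, rules=STATIC_PAT):
    """None if the line is not a 302013 record covered by a rule, 'ok' if
    it was translated as configured, otherwise a mismatch description."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    mapped = (m["mapped_ip"], int(m["mapped_port"]))
    if mapped not in rules:
        return None
    real = (m["real_ip"], int(m["real_port"]))
    expected = rules[mapped]
    if real == expected:
        return "ok"
    return (f"conn {m['conn']}: {mapped[0]}/{mapped[1]} reached "
            f"{real[0]}/{real[1]}, expected {expected[0]}/{expected[1]}")


def audit(lines, rules=STATIC_PAT):
    """Return the mismatch descriptions found in an iterable of log lines."""
    results = (check_line(line, rules) for line in lines)
    return [r for r in results if r not in (None, "ok")]
```

The regular expression expects each record on one line, so rejoin records that a mail client or forum has wrapped before passing them to `audit`.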