PIX 535: port forwarding newb problem

Discussion in 'Cisco' started by douglas.j.watt, Mar 5, 2006.

  1. Hi folks, I need some help.

    Trying to set up port forwarding for an app. for the first time on a

    I need to port forward a DMZ subnet on int dmz_v904 (eth3), forwarding
    all ports >1023 to host A.A.A.A to port 60199 on inside int (eth1).


    name A.A.A.A server

    object-group network vpn-pool
    description *** VPN dial client pool addresses ***
    network-object B.B.B.B 255.x.x.x
    object-group service Tivoli tcp
    port-object eq 60199

    *********THIS IS WHERE I NEED HELP****************

    access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A gt
    access-list inside permit tcp host aansso1tmra00 object-group vpn-pool
    object-group Tivoli

    Is my syntax correct? And what else must I do?

    All help very much appreciated.
    douglas.j.watt, Mar 5, 2006
  2. Think I've sorted the problem with the help from a friend.

    Was told I only need to apply one rule to the source interface, as

    access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A eq

    This should forward all permitted source subnet traffic on TCP 60199 to
    the destination A.A.A.A server on the inside interface.
    douglas.j.watt, Mar 8, 2006
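
The single-rule approach from the second post, written out as an added example (not part of the original thread and not the poster's actual configuration). It assumes the interfaces are named `dmz_v904` and `inside` as in the posts, and uses constructed addresses in place of the masked A.A.A.A and B.B.B.B values.

```cisco
: Added example in PIX OS command syntax. Addresses are constructed
: placeholders (RFC 5737 ranges), not values from the thread.
names
name 192.0.2.10 server

object-group network vpn-pool
  description *** VPN dial client pool addresses ***
  network-object 198.51.100.0 255.255.255.0
object-group service Tivoli tcp
  port-object eq 60199

: One rule, on the interface where the connection is initiated (the DMZ).
: Source: the pool. Destination: the server, TCP 60199 only.
access-list dmz_v904 permit tcp object-group vpn-pool host server object-group Tivoli

: An access-list has no effect until it is bound to an interface.
access-group dmz_v904 in interface dmz_v904

: No matching rule is needed on the inside interface: the PIX is stateful,
: so replies from the server belong to the connection permitted above.

: Assumption: PIX OS 6.x, or 7.x with nat-control enabled, where a host
: behind a higher-security interface also needs a translation before a
: lower-security interface can reach it. An identity static keeps the
: server's real address visible to the DMZ.
static (inside,dmz_v904) 192.0.2.10 192.0.2.10 netmask 255.255.255.255
```

After sending test traffic, `show access-list dmz_v904` shows per-entry hit counts, which confirms whether the rule is matching.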
