PIX 535: port forwarding newb problem

Discussion in 'Cisco' started by douglas.j.watt, Mar 5, 2006.

  1. Hi folks, I need some help.

    Trying to set up port forwarding for an app for the first time on a
    535:

    I need to port forward a DMZ subnet on int dmz_v904 (eth3), forwarding
    all ports >1023 to host A.A.A.A to port 60199 on the inside int (eth1).

    e.g.

    name A.A.A.A server

    object-group network vpn-pool
    description *** VPN dial client pool addresses ***
    network-object B.B.B.B 255.x.x.x
    object-group service Tivoli tcp
    port-object eq 60199

    *********THIS IS WHERE I NEED HELP****************

    access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A gt 1023
    access-list inside permit tcp host aansso1tmra00 object-group vpn-pool object-group Tivoli

    Is my syntax correct, and what else must I do?

    All help very much appreciated.
     
    douglas.j.watt, Mar 5, 2006
    #1

  2. Think I've sorted the problem with help from a friend.

    Was told I only need to apply one rule to the source interface, as
    below:

    access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A eq 60199

    This should forward all permitted source subnet traffic on TCP 60199 to
    the destination A.A.A.A server on the inside interface.
     
    douglas.j.watt, Mar 8, 2006
    #2
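A complete PIX 6.x configuration for the rule in the post above, as an added example and not part of the original thread or the poster's own config. The `names`, `static` and `access-group` lines are added on the assumption that they are not already in the running config: on a PIX running 6.x, a connection from a lower-security interface (dmz_v904) to a higher-security one (inside) needs a translation for the destination and an access-list bound inbound on the lower-security interface, otherwise the access-list entry on its own matches nothing. The interface security levels and the address placeholders A.A.A.A, B.B.B.B and 255.x.x.x are assumptions carried over from the thread.

```cisco
! Added example: full PIX 6.x config for the single permit rule in post #2.
! A.A.A.A, B.B.B.B and 255.x.x.x are the placeholders used in the thread.
names
name A.A.A.A server

object-group network vpn-pool
  description *** VPN dial client pool addresses ***
  network-object B.B.B.B 255.x.x.x
object-group service Tivoli tcp
  port-object eq 60199

! Assumption: dmz_v904 has a lower security level than inside. Traffic from a
! lower- to a higher-security interface needs a translation for the destination
! on PIX 6.x; an identity static keeps the server's address unchanged.
static (inside,dmz_v904) A.A.A.A A.A.A.A netmask 255.255.255.255

! One ACL entry on the source interface: VPN pool -> server, TCP 60199.
! The service object-group replaces "eq 60199" so the port is defined once.
access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A object-group Tivoli

! The access-list only takes effect once it is bound inbound to the interface.
access-group dmz_v904 in interface dmz_v904
```

No entry is needed on the inside interface for the reply packets: the PIX is stateful and passes the return half of a connection it has already permitted. To check the rule is doing work, run `show access-list dmz_v904` (the object-group line is expanded into one entry per network-object, each with its own hit count), `show xlate` to confirm the identity translation exists, and `show conn` while a pool client connects to TCP 60199.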
