PIX 535: port forwarding newb problem

Discussion in 'Cisco' started by douglas.j.watt, Mar 5, 2006.

  1. Hi folks, I need some help.

    Trying to set up port forwarding for an app. for the first time on a

    I need to port forward a DMZ subnet on int dmz_v904 (eth3), forwarding
    all ports >1023 to host A.A.A.A to port 60199 on inside int (eth1).


    name A.A.A.A server

    object-group network vpn-pool
    description *** VPN dial client pool addresses ***
    network-object B.B.B.B 255.x.x.x
    object-group service Tivoli tcp
    port-object eq 60199

    *********THIS IS WHERE I NEED HELP****************

    access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A gt
    access-list inside permit tcp host aansso1tmra00 object-group vpn-pool object-group Tivoli

    Is my syntax correct? And what else must I do?

    All help very much appreciated.
    douglas.j.watt, Mar 5, 2006

  2. Think I've sorted the problem with the help from a friend.

    Was told I only need to apply one rule to the source interface, as

    access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A eq

    This should forward all permitted source subnet traffic on TCP 60199 to
    the destination A.A.A.A server on the inside interface.
    douglas.j.watt, Mar 8, 2006