Port forwarding on a PIX 501 at 6.3

Setup #1 Linksys router with 1 Public IP and say 12 devices on the
inside at 192.168.100.x

Setup #2 Cisco PIX 501 at 6.3 with 1 Public IP and say 12 devices on the
inside at 192.168.100.x

With setup #1 a few mouse clicks and I can map any inbound port to any
inside address like FTP to 192.168.100.2 and SMTP to 192.168.100.3 etc
all using the same public IP.

With setup #2 I'm being told I can't do that and for the example just
above I would need at least 3 IPs (1 for FTP, 1 for SMTP and 1 for all
other traffic). Is that right?

Thanks

 

:Setup #1 Linksys router with 1 Public IP and say 12 devices on the
:inside at 192.168.100.x

:Setup #2 Cisco PIX 501 at 6.3 with 1 Public IP and say 12 devices on the
:inside at 192.168.100.x

:With setup #1 a few mouse clicks and I can map any inbound port to any
:inside address like FTP to 192.168.100.2 and SMTP to 192.168.100.3 etc
:all using the same public IP.

:With setup #2 I'm being told I can't do that and for the example just
:above I would need at least 3 IPs (1 for FTP, 1 for SMTP and 1 for all
ther traffic). Is that right?

Not true. Static port forwarding became available in PIX 6.2,
and you can configure it using the PDM graphical manager.

The limitation is that you cannot use static port forwarding
for telnet or one particular port used by the PIX firewall manager.
Those two ports are grabbed by the PIX for its own use.

static (inside, outside) tcp interface smtp 192.168.100.3 smtp
static (inside, outside) tcp interface ftp 192.168.100.2 ftp
static (inside, outside) tcp interface ftp-data 192.168.100.2 ftp-data

 

Thanks I'll test it tonight

 

I need to allow a program through the PIX it a statically assigned IP on the inside at a specific port #. when I set it up... it blocks all internet traffic. clearly I am doing something wrong...
anyone care to assist??

 

>
> :With setup #2 I'm being told I can't do that and for the example just
> :above I would need at least 3 IPs (1 for FTP, 1 for SMTP and 1 for all
> ther traffic). Is that right?
>
> Not true. Static port forwarding became available in PIX 6.2,
> and you can configure it using the PDM graphical manager. HOW?!?!?!

> The limitation is that you cannot use static port forwarding
> for telnet or one particular port used by the PIX firewall manager.
> Those two ports are grabbed by the PIX for its own use.
Shouldn't be a problem...
>
> static (inside, outside) tcp interface smtp 192.168.100.3 smtp
> static (inside, outside) tcp interface ftp 192.168.100.2 ftp
> static (inside, outside) tcp interface ftp-data 192.168.100.2 ftp-data
This is command line syntax I believe... fine, but how do I do it in the PDM??

 

Hi everybody. My first post in the forum and I believe the last one.

You are good, signal. Thank you. I'm calling myself a Cisco pro but you are way better. I almost gave up on port forwarding with that 501 with 6.3.5 os. Thank to your post, now everything works just great.

I register in the forum just to tell you - thank you. Also thank everybody else for the nice post. It's been helpful.

My configuration is below in case somebody will need it for future reference. By the way, my outside interface has DHCP setup and gets its IP directly from the cable modem.

I'm posting the GUI version because my CLI is identical to signal's but the IP's of course.