https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343755#M310310 <P>Hello,</P><P>I´m trying to remake this BSD:</P><P></P><P><SPAN style="color: #ff0000;">map ep0 172.16.0.0/16 -&gt; 216.68.250.60/32 portmap tcp/udp 10000:20000</SPAN></P><P><SPAN style="color: #ff0000;">line says go ahead and map all tcp/udp traffic right on through the interface and assign each out bound "connection" a port from 10000 to 20000</SPAN></P><P></P><P><SPAN style="color: #333333;">in Cisco PIX configuration. Can someone please tell me how? I´m looking to documentation and still do not have a clue.</SPAN></P><P></P><P>Thank you very much,</P><P>Marek</P> Tue, 12 Mar 2019 02:56:03 GMT mareks-vader 2019-03-12T02:56:03Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343755#M310310 <P>Hello,</P><P>I´m trying to remake this BSD:</P><P></P><P><SPAN style="color: #ff0000;">map ep0 172.16.0.0/16 -&gt; 216.68.250.60/32 portmap tcp/udp 10000:20000</SPAN></P><P><SPAN style="color: #ff0000;">line says go ahead and map all tcp/udp traffic right on through the interface and assign each out bound "connection" a port from 10000 to 20000</SPAN></P><P></P><P><SPAN style="color: #333333;">in Cisco PIX configuration. Can someone please tell me how? I´m looking to documentation and still do not have a clue.</SPAN></P><P></P><P>Thank you very much,</P><P>Marek</P> Tue, 12 Mar 2019 02:56:03 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343755#M310310 mareks-vader 2019-03-12T02:56:03Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343756#M310312 <HTML><HEAD></HEAD><BODY><P>Hello Marek,</P><P></P><P>access-list In_Out permit tcp 172.16.0.0&nbsp; 255.255.0.0 any </P><P>access-list In_Out permit udp 172.16.0.0 255.255.255.0 any </P><P> nat (inside) 1 access-list In_Out</P><P>&nbsp; global (outside) 1 216.68.250.60</P><P></P><P>Regards,</P></BODY></HTML> Thu, 24 Oct 2013 20:53:17 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343756#M310312 Julio Carvajal 2013-10-24T20:53:17Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343757#M310314 <HTML><HEAD></HEAD><BODY><P> Hello Julio,</P><P>but where is that port range in your commands?</P><P></P><P>Thank you,</P><P>Marek</P></BODY></HTML> Fri, 25 Oct 2013 06:10:18 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343757#M310314 mareks-vader 2013-10-25T06:10:18Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343758#M310316 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>There is no port range in the above configuration. You said you use PIX which leads me to believe that you are not able to even achieve this. I mean choose the mapped port range with which the hosts will be visible to the external network.</P><P></P><P>The newer software (which is not supported on PIX) has some possibilities but no clean way to achieve this to my understanding. I think there has been some mention of an Enhancement Request which asks to include an option to choose the port range used for a Dynamic PAT translation.</P><P></P><P>- Jouni</P></BODY></HTML> Fri, 25 Oct 2013 06:14:54 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343758#M310316 Jouni Forss 2013-10-25T06:14:54Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343759#M310318 <HTML><HEAD></HEAD><BODY><P> Hi Jouni,</P><P>maybe I don´t understand the original, for me it´s like: "Take all ports from inside network and remap it to ports 10000-20000 on the outside interface."</P><P></P><P>Thanks,</P><P>MArek</P></BODY></HTML> Fri, 25 Oct 2013 06:21:09 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343759#M310318 mareks-vader 2013-10-25T06:21:09Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343760#M310320 <HTML><HEAD></HEAD><BODY><P>Hello Marek,</P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">access-list In_Out permit tcp 172.16.0.0&nbsp; 255.255.0.0 any range <SPAN style="background-color: transparent; font-family: arial, helvetica, sans-serif; font-size: 10pt;">10000 20000</SPAN></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">access-list In_Out permit udp 172.16.0.0 255.255.255.0 any range 10000 -20000 </P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">nat (inside) 1 access-list In_Out</P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">&nbsp; global (outside) 1 216.68.250.60</P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">I mean that is the configuration if the inside devices are the ones inittiating the connection,</P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">If that is not what you are looking for then explain yourself <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN></P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">Regards,</P><P></P><P style="background-color: #f7fafb; border-collapse: collapse; font-size: 12.222222328186035px; list-style: none; font-family: Arial, verdana, sans-serif;">Jcarvaja</P></BODY></HTML> Fri, 25 Oct 2013 13:41:54 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343760#M310320 Julio Carvajal 2013-10-25T13:41:54Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343761#M310321 <HTML><HEAD></HEAD><BODY><P>First of all, what version are you running on the PIX, second, I not sure who gave you the instruction but its a really strange description and you might want to go back to them and tell them I understand English not bla,bla,bla, map ep0 172.16.0.0/16 -&gt; 216.68.250.60/32 portmap tcp/udp 10000:20000.</P><P></P><P>Julio is right, if you are obligated to translate your 172.16.0.0/24 to 216.68.250.60 when you are destine to anyone on the Internet then the configuration he last sent you is correct.</P><P></P><P>access-list In_Out permit tcp 172.16.0.0&nbsp; 255.255.0.0 any range 10000 20000</P><P></P><P>access-list In_Out permit udp 172.16.0.0 255.255.255.0 any range 10000 20000</P><P></P><P>nat (inside) 1 access-list In_Out</P><P></P><P>global (outside) 1 216.68.250.60</P><P></P><P>FYI: This is a configuration example, if you believe that this could affect your production firewall please send us the configuration or just make sure that you don't already have a "nat (inside) 1" by doing a "show run nat" or "show nat" depending on the version.</P><P></P><P>Details are what make the difference from us giving you the correct answer because if what I stated before this line is not true then we are giving you the incorrect answer.</P><P></P><P>Please recap with the people that sent you this request.</P><P></P><P>FYI: Learning takes time so I believe that it is great that you have questions and we are here to help you!!!<SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P></BODY></HTML> Fri, 25 Oct 2013 22:58:14 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343761#M310321 jumora 2013-10-25T22:58:14Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343762#M310322 <HTML><HEAD></HEAD><BODY><P>Please update the ticket as resolved or answered so we can close out followup.</P></BODY></HTML> Thu, 31 Oct 2013 17:50:34 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343762#M310322 jumora 2013-10-31T17:50:34Z https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343763#M310323 <HTML><HEAD></HEAD><BODY><P>I´m sorry I´ve been on vacation. Thank you very much, now it is solved.</P></BODY></HTML> Fri, 01 Nov 2013 11:02:34 GMT https://community.cisco.com/t5/network-security/portmapping-all-traffic-into-port-range/m-p/2343763#M310323 mareks-vader 2013-11-01T11:02:34Z