https://community.cisco.com/t5/network-security/pix-port-forwarding/m-p/368898#M555007 <P>Hi </P><P></P><P>First time user on the PIX and wondering based on current config what is the best way to forward a range of IP ports to a dedicated internal server.</P><P></P><P>Thanks for the help</P><P></P><P></P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>enable password </P><P>passwd </P><P>hostname pix</P><P>domain-name </P><P>fixup protocol ftp 21</P><P>fixup protocol h323 h225 1720</P><P>fixup protocol h323 ras 1718-1719</P><P>fixup protocol ils 389</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol sqlnet 1521</P><P>fixup protocol sip 5060</P><P>fixup protocol skinny 2000</P><P>no fixup protocol http 80</P><P>no fixup protocol smtp 25</P><P>names</P><P>access-list 111 permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0</P><P>access-list 111 permit icmp 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0</P><P>access-list MAIL permit gre any host 1.10.20.20</P><P>access-list MAIL permit tcp any host 1.10.20.20 eq 1723</P><P>access-list MAIL permit tcp any host 1.10.20.20 eq smtp</P><P>pager lines 24</P><P>logging on</P><P>logging timestamp</P><P>logging trap errors</P><P>logging history errors</P><P>logging facility 0</P><P>logging host inside 10.0.0.5</P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>ip address outside 1.10.20.18 255.255.255.248</P><P>ip address inside 10.0.0.254 255.255.0.0</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>pdm location 10.0.0.5 255.255.255.255 inside</P><P>pdm location 192.168.1.0 255.255.255.0 inside</P><P>pdm location 10.0.0.251 255.255.255.255 outside</P><P>pdm logging informational 100</P><P>pdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 1.10.20.19</P><P>nat (inside) 0 access-list 111</P><P>nat (inside) 1 10.0.0.0 255.0.0.0 0 0</P><P>static (inside,outside) 1.10.20.20 10.0.0.3 netmask 255.255.255.255 0 0</P><P>access-group MAIL in interface outside</P><P>conduit permit tcp host 1.10.20.20 eq smtp any</P><P>route outside 0.0.0.0 0.0.0.0 1.10.20.17 1</P><P>route inside 10.1.0.0 255.255.0.0 10.0.1.100 1</P><P></P> Fri, 21 Feb 2020 07:44:36 GMT jayson 2020-02-21T07:44:36Z https://community.cisco.com/t5/network-security/pix-port-forwarding/m-p/368898#M555007 <P>Hi </P><P></P><P>First time user on the PIX and wondering based on current config what is the best way to forward a range of IP ports to a dedicated internal server.</P><P></P><P>Thanks for the help</P><P></P><P></P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>enable password </P><P>passwd </P><P>hostname pix</P><P>domain-name </P><P>fixup protocol ftp 21</P><P>fixup protocol h323 h225 1720</P><P>fixup protocol h323 ras 1718-1719</P><P>fixup protocol ils 389</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol sqlnet 1521</P><P>fixup protocol sip 5060</P><P>fixup protocol skinny 2000</P><P>no fixup protocol http 80</P><P>no fixup protocol smtp 25</P><P>names</P><P>access-list 111 permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0</P><P>access-list 111 permit icmp 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0</P><P>access-list MAIL permit gre any host 1.10.20.20</P><P>access-list MAIL permit tcp any host 1.10.20.20 eq 1723</P><P>access-list MAIL permit tcp any host 1.10.20.20 eq smtp</P><P>pager lines 24</P><P>logging on</P><P>logging timestamp</P><P>logging trap errors</P><P>logging history errors</P><P>logging facility 0</P><P>logging host inside 10.0.0.5</P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>ip address outside 1.10.20.18 255.255.255.248</P><P>ip address inside 10.0.0.254 255.255.0.0</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>pdm location 10.0.0.5 255.255.255.255 inside</P><P>pdm location 192.168.1.0 255.255.255.0 inside</P><P>pdm location 10.0.0.251 255.255.255.255 outside</P><P>pdm logging informational 100</P><P>pdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 1.10.20.19</P><P>nat (inside) 0 access-list 111</P><P>nat (inside) 1 10.0.0.0 255.0.0.0 0 0</P><P>static (inside,outside) 1.10.20.20 10.0.0.3 netmask 255.255.255.255 0 0</P><P>access-group MAIL in interface outside</P><P>conduit permit tcp host 1.10.20.20 eq smtp any</P><P>route outside 0.0.0.0 0.0.0.0 1.10.20.17 1</P><P>route inside 10.1.0.0 255.255.0.0 10.0.1.100 1</P><P></P> Fri, 21 Feb 2020 07:44:36 GMT https://community.cisco.com/t5/network-security/pix-port-forwarding/m-p/368898#M555007 jayson 2020-02-21T07:44:36Z https://community.cisco.com/t5/network-security/pix-port-forwarding/m-p/368899#M555008 <HTML><HEAD></HEAD><BODY><P>The best way to do this is to create a dedicated 1:1 static like you already have:</P><P></P><P>static (inside,outside) 1.10.20.20 10.0.0.3 netmask 255.255.255.255 0 0</P><P></P><P>but I assume you are asking for something a little more specific. Are you trying use the 1.10.20.20 address for multiple internal servers? Perhaps a little more detail will help in clarifying this.</P><P></P><P>Scott</P></BODY></HTML> Fri, 12 Nov 2004 17:37:27 GMT https://community.cisco.com/t5/network-security/pix-port-forwarding/m-p/368899#M555008 scoclayton 2004-11-12T17:37:27Z https://community.cisco.com/t5/network-security/pix-port-forwarding/m-p/368900#M555009 <HTML><HEAD></HEAD><BODY><P>Yes I would like to use 1.10.20.20 to multiple servers.</P></BODY></HTML> Fri, 12 Nov 2004 18:26:25 GMT https://community.cisco.com/t5/network-security/pix-port-forwarding/m-p/368900#M555009 jayson 2004-11-12T18:26:25Z