https://community.cisco.com/t5/network-security/port-forwarding/m-p/877277#M969225 <HTML><HEAD></HEAD><BODY><P>hello Raj</P><P></P><P>here are all the acl?s</P><P></P><P>access-list inside_access_in permit ip 192.168.10.0 255.255.255.0 any </P><P>access-list inside_access_in permit ip 192.168.20.0 255.255.255.0 any </P><P>access-list inside_access_in permit ip 192.168.40.0 255.255.255.0 any </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list outside_cryptomap_100 permit ip host mvxapp host 10.23.125.185 </P><P>access-list acl_intentia_ipsec permit ip 10.23.125.184 255.255.255.248 host intentia-host </P><P>access-list static-intentia-srv1 permit ip host mvxapp host intentia-host </P><P>access-list static-intentia-srv2 permit ip host 192.168.10.12 host intentia-host </P><P>access-list nat-intentia-srv1 permit ip host mvxapp host intentia-host </P><P>access-list nat-intentia-srv2 permit ip host 192.168.10.12 host intentia-host </P><P>access-list split-labicer-admin permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list split-labicer-admin permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list acl_valorceram_ipsec permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list acl_valorceram_ipsec permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list outside-inbound permit tcp any interface outside eq 1417 </P><P>access-list outside-inbound permit tcp any interface outside eq 1418 </P><P>access-list outside-inbound permit tcp any interface outside eq 1419 </P><P>access-list outside-inbound permit tcp any interface outside eq 1420 </P><P>access-list outside-inbound permit udp any interface outside eq 407 </P><P></P><P></P><P></P><P></P><P>here are the nat and global statments</P><P></P><P>global (outside) 5 10.23.125.185</P><P>global (outside) 6 10.23.125.186</P><P>global (outside) 10 interface</P><P>global (outside) 7 10.23.125.187</P><P>nat (inside) 0 access-list inside_outbound_nat0_acl</P><P>nat (inside) 5 access-list nat-intentia-srv1 0 0</P><P>nat (inside) 6 access-list nat-intentia-srv2 0 0</P><P>nat (inside) 10 192.168.10.0 255.255.255.0 0 0</P><P></P></BODY></HTML> Wed, 19 Sep 2007 09:49:59 GMT yupinho 2007-09-19T09:49:59Z https://community.cisco.com/t5/network-security/port-forwarding/m-p/877275#M969223 <P>Hi there!</P><P></P><P>We are trying to configure a pix firewall 506e to redirect outside traffic to an inside machine.</P><P>We're using the following commands:</P><P></P><P>static (inside,outside) tcp 82.173.121.53 1417 192.168.10.137 1417 netmask 255.255.255.255</P><P>static (inside,outside) tcp 82.173.121.53 1418 192.168.10.137 1418 netmask 255.255.255.255</P><P>static (inside,outside) tcp 82.173.121.53 1419 192.168.10.137 1419 netmask 255.255.255.255</P><P>static (inside,outside) tcp 82.173.121.53 1420 192.168.10.137 1420 netmask 255.255.255.255</P><P>static (inside,outside) udp 82.173.121.53 407 192.168.10.137 407 netmask 255.255.255.255</P><P></P><P>access-list outside-inbound permit tcp any interface outside eq 1417</P><P>access-list outside-inbound permit tcp any interface outside eq 1418</P><P>access-list outside-inbound permit tcp any interface outside eq 1419</P><P>access-list outside-inbound permit tcp any interface outside eq 1420</P><P>access-list outside-inbound permit udp any interface outside eq 407</P><P></P><P>access-group outside-inbound in interface outside</P><P></P><P>We can see received packets on the hit count of the access list but only udp and we can't connect anyway.</P><P></P><P>access-list outside-inbound line 1 permit tcp any interface outside eq 1417 (hitcnt=0)</P><P>access-list outside-inbound line 2 permit tcp any interface outside eq 1418 (hitcnt=0)</P><P>access-list outside-inbound line 3 permit tcp any interface outside eq 1419 (hitcnt=0)</P><P>access-list outside-inbound line 4 permit tcp any interface outside eq 1420 (hitcnt=0)</P><P>access-list outside-inbound line 5 permit udp any interface outside eq 407 (hitcnt=1)</P><P></P><P>Thanks,</P><P>David</P> Mon, 11 Mar 2019 11:12:31 GMT https://community.cisco.com/t5/network-security/port-forwarding/m-p/877275#M969223 yupinho 2019-03-11T11:12:31Z https://community.cisco.com/t5/network-security/port-forwarding/m-p/877276#M969224 <HTML><HEAD></HEAD><BODY><P></P><P></P><P></P><P>Hi,</P><P></P><P>Please paste the relevant part of the config that would include :</P><P>inside access lists , nat and the global statement.</P><P></P><P></P><P>Raj</P></BODY></HTML> Tue, 18 Sep 2007 10:51:04 GMT https://community.cisco.com/t5/network-security/port-forwarding/m-p/877276#M969224 rajbhatt 2007-09-18T10:51:04Z https://community.cisco.com/t5/network-security/port-forwarding/m-p/877277#M969225 <HTML><HEAD></HEAD><BODY><P>hello Raj</P><P></P><P>here are all the acl?s</P><P></P><P>access-list inside_access_in permit ip 192.168.10.0 255.255.255.0 any </P><P>access-list inside_access_in permit ip 192.168.20.0 255.255.255.0 any </P><P>access-list inside_access_in permit ip 192.168.40.0 255.255.255.0 any </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list outside_cryptomap_100 permit ip host mvxapp host 10.23.125.185 </P><P>access-list acl_intentia_ipsec permit ip 10.23.125.184 255.255.255.248 host intentia-host </P><P>access-list static-intentia-srv1 permit ip host mvxapp host intentia-host </P><P>access-list static-intentia-srv2 permit ip host 192.168.10.12 host intentia-host </P><P>access-list nat-intentia-srv1 permit ip host mvxapp host intentia-host </P><P>access-list nat-intentia-srv2 permit ip host 192.168.10.12 host intentia-host </P><P>access-list split-labicer-admin permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list split-labicer-admin permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 </P><P>access-list acl_valorceram_ipsec permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list acl_valorceram_ipsec permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0 </P><P>access-list outside-inbound permit tcp any interface outside eq 1417 </P><P>access-list outside-inbound permit tcp any interface outside eq 1418 </P><P>access-list outside-inbound permit tcp any interface outside eq 1419 </P><P>access-list outside-inbound permit tcp any interface outside eq 1420 </P><P>access-list outside-inbound permit udp any interface outside eq 407 </P><P></P><P></P><P></P><P></P><P>here are the nat and global statments</P><P></P><P>global (outside) 5 10.23.125.185</P><P>global (outside) 6 10.23.125.186</P><P>global (outside) 10 interface</P><P>global (outside) 7 10.23.125.187</P><P>nat (inside) 0 access-list inside_outbound_nat0_acl</P><P>nat (inside) 5 access-list nat-intentia-srv1 0 0</P><P>nat (inside) 6 access-list nat-intentia-srv2 0 0</P><P>nat (inside) 10 192.168.10.0 255.255.255.0 0 0</P><P></P></BODY></HTML> Wed, 19 Sep 2007 09:49:59 GMT https://community.cisco.com/t5/network-security/port-forwarding/m-p/877277#M969225 yupinho 2007-09-19T09:49:59Z