topic Re: PIX port forward in Network Security

PIX port forward

plank1111 — Mon, 11 Mar 2019 10:23:12 GMT

I have a Pix 515e that I need to forward a port. this should be a simple task but for some reason it is not working. I have attached my config file

I need to forward FTP to mcs-sbs01 I have the nat setup in the config I attached it has ** above and below it to help you find it.

I can't seem to get an access rule that allows traffic through.

hoogen_82 — Thu, 31 May 2007 17:04:44 GMT

Is your static nat outside ip address related to the outside interface ip?

ip address outside ******.194 255.255.255.192

static (inside,outside) tcp 65.23.46.194 ftp mcs-sbs01 ftp netmask 255.255.255.255 0 0

If so you need to make a small change on the static statement, instead of putting the ip address of the outside interface use the keyword interface

static (inside,outside) tcp interface ftp mcs-sbs01 ftp netmask 255.255.255.255 0 0

HTH

Hoogen

Do rate if this post helps 🙂

plank1111 — Thu, 31 May 2007 17:22:43 GMT

The outside interface has multiple addresses, i got the normal ftp (21) working going to add a ACL for ftp-data(20) and see if passive mode works

plank1111 — Thu, 31 May 2007 17:48:02 GMT

adding an ACL for port 20 did not fix my data port error on FTP

if I add the following two ACL's will this fix my problem?

access-list inside_access_in permit host 192.168.1.221 eq ftp any established

access-list inside_access_in permit host 192.168.1.221 eq ftp-data any established