Re: Can A PIX do Port Forwarding

ddisalvo · ‎09-12-2003

We have NAT to a device in the DMZ and I want to forward traffic coming via the NAT forwarded to another PC in the SMZ which has not 1 to 1 NAT.

Can this be done.

tvanginneken · ‎09-12-2003

Hi,

you should use the static command for this.

With the static command (please specify the port/service inside the static command) you create a 1 to 1 natting for that specific port/service.

Kind Regards,

Tom

ddisalvo · ‎09-12-2003

I used the following and it worked, thanks.

static (DMZ,outside) tcp 207.164.111.246 http 10.245.7.234 http netmask 255.255.255.255 0 0

static (DMZ,outside) tcp 207.164.111.246 http 10.245.7.218 http netmask 255.255.255.255 0 0

ddisalvo · ‎09-16-2003

Is there any reason why this would work then stop responding after a while until I clear xlate then it works again.

static (DMZ,outside) tcp 207.164.111.246 http 10.245.7.234 http netmask 255.255.255.255 0 0

static (DMZ,outside) tcp 207.164.111.246 https 10.245.7.218 http netmask 255.255.255.255 0 0

jmia · ‎09-16-2003

Hi -

Did you save the config with command 'write memory' and then do command 'clear xlate' and is https on the 2nd line should be there?

Thanks - Jay

ddisalvo · ‎09-16-2003

I'm pretty sure I did that maybe not in that order, I put the following PAT config back in.

static (DMZ,outside) tcp 207.164.141.246 http 10.245.7.234 http netmask 255.255.255.255 0 0

static (DMZ,outside) tcp 207.164.141.246 https 10.245.7.234 https netmask 255.255.255.255 0 0

static (DMZ,outside) tcp 207.164.141.246 SMTP 10.245.7.118 SMTP netmask 255.255.255.255 0 0