
Help in configuring zone based firewall

l.buschi
Level 2

Can anybody help me in configuring the following?

I have a router with zone based firewall configured.

I have the following port redirect:

ip nat inside source static tcp 192.168.1.100 80 172.24.10.100 8888 extendable

172.24.10.x is my pool of outside addresses.

I need to reach the server 192.168.1.100:80 from any outside address (by the address 172.24.10.100:8888).

Which class map type inspect do I have to configure?

Thanks

Johnny

3 Replies

You can use a class-map that references an ACL. This ACL allows the traffic to the real IP/Port of the server.

Do you mean the following?

access-list 101 permit tcp any host 192.168.1.100 eq 80

In the policy map, do I have to put an inspect or a pass statement?

Thanks

Johnny

Yes, the ACL is ok, although I would use a named ACL.

The action "pass" is for unidirectional flows. If you want your server to be able to send answers back to the client (probably yes ;-) ), then you need to "inspect" that traffic.
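
The pieces discussed in this thread, put together as an added example (not configuration posted by any participant): a named ACL matching the server's real address and port, a class-map referencing it, and a policy-map that inspects the flow so return traffic is allowed. The zone names, object names and interface names are assumptions.

```cisco
! Added example. All names (WEB-SERVER-IN, CM-WEB-SERVER-IN, PM-OUTSIDE-TO-INSIDE,
! ZP-OUTSIDE-TO-INSIDE, zones INSIDE/OUTSIDE, interface numbers) are assumed.

! Static port redirect from the original question.
ip nat inside source static tcp 192.168.1.100 80 172.24.10.100 8888 extendable

! Named ACL matching the real (inside) address and port of the server,
! as the reply suggests, rather than the translated 172.24.10.100:8888.
ip access-list extended WEB-SERVER-IN
 permit tcp any host 192.168.1.100 eq 80

! Class-map that references the ACL.
class-map type inspect match-all CM-WEB-SERVER-IN
 match access-group name WEB-SERVER-IN

! "inspect" tracks the session so the server's replies are permitted back.
! "pass" would only allow the one direction and would need a mirrored
! policy on the inside-to-outside zone-pair for the answers.
policy-map type inspect PM-OUTSIDE-TO-INSIDE
 class type inspect CM-WEB-SERVER-IN
  inspect
 class class-default
  drop log

zone security INSIDE
zone security OUTSIDE

! Apply the policy to traffic entering from the outside zone.
zone-pair security ZP-OUTSIDE-TO-INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUTSIDE-TO-INSIDE

interface GigabitEthernet0/0
 ip nat outside
 zone-member security OUTSIDE

interface GigabitEthernet0/1
 ip nat inside
 zone-member security INSIDE
```

Keeping the ACL limited to the single host and port means only the redirected service is exposed; everything else from the outside zone falls through to class-default and is dropped and logged.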
