12-03-2009 12:39 PM - edited 03-11-2019 09:45 AM
Can someone point me to info on port forwarding from an external address to an internal address? This firewall has a DMZ, but the machine I want to port forward to does not sit in the DMZ. All attempts to solve this have led to my machines in the DMZ not working.
12-03-2009 12:47 PM
Hi,
Try this command below:
static (inside,outside) tcp 1.1.1.1 www 2.2.2.2 www netmask 255.255.255.255
where 1.1.1.1 is your public IP address and 2.2.2.2 is your internal one (RFC 1918). In this example, the firewall is performing a static PAT for the HTTP service. In this case, the reachable IP address for the Internet will be 2.2.2.2.
Br,
12-03-2009 12:48 PM
Sorry, the IP reachable from the Internet will be 1.1.1.1.
12-03-2009 01:12 PM
So are you saying:
static (inside,outside) tcp External-IP www Internal-IP www netmask 255.255.255.255
12-03-2009 01:14 PM
That's correct.
Br
12-04-2009 10:09 AM
Thanks for the reply, but it didn't work.
12-04-2009 10:12 AM
Hi,
Be aware that an ACL must allow the traffic that comes from the Internet to the DMZ servers.
Br,
12-04-2009 10:47 AM
Yes, realize that. But, this is not a DMZ host, it is one that sits on the inside network.
12-04-2009 10:53 AM
Ok, have you already checked all ACLs for inside and outside directions?
12-05-2009 08:44 AM
Got it. I added:
access-list Inside_access_out extended permit tcp any host 192.168.14.252 eq www
access-list Inside_access_out extended permit tcp host 192.168.14.252 eq www any
and everything finally worked.
Thanks again for your help.
Chuck
12-07-2009 02:11 PM
You are welcome.
Best regards,
Renato Saraiva
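Added example, not part of the thread: a small Python check that lists the static PAT entries in a saved configuration for which no `permit tcp any host <real-ip> eq <port>` entry exists, which is the gap the fix above closed. It assumes the pre-8.3 `static` syntax quoted in the thread; the function names and every address except 192.168.14.252 are constructed, and it recognises only that literal permit form (no deny lines, object groups or interface bindings).

```python
import re

# Constructed sample in the pre-8.3 syntax quoted in the thread. 203.0.113.10
# and 192.168.14.253 are made-up values; 192.168.14.252 is the thread's host.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 203.0.113.10 www 192.168.14.252 www netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 smtp 192.168.14.253 smtp netmask 255.255.255.255
access-list Inside_access_out extended permit tcp any host 192.168.14.252 eq www
access-list Inside_access_out extended permit tcp host 192.168.14.252 eq www any
"""

STATIC_RE = re.compile(
    r"static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+) netmask 255\.255\.255\.255")
PERMIT_RE = re.compile(
    r"access-list (\S+) extended permit tcp any host (\S+) eq (\S+)")


def parse_static_pat(config):
    """Return a dict for every host-level static PAT line."""
    keys = ("real_if", "mapped_if", "mapped_ip", "mapped_port", "real_ip", "real_port")
    return [dict(zip(keys, m.groups()))
            for m in map(STATIC_RE.fullmatch, map(str.strip, config.splitlines())) if m]


def parse_permits(config):
    """Map (destination host, port) -> ACL names with 'permit tcp any host X eq P'."""
    permits = {}
    for line in config.splitlines():
        m = PERMIT_RE.fullmatch(line.strip())
        if m:
            acl, host, port = m.groups()
            permits.setdefault((host, port), []).append(acl)
    return permits


def unmatched_forwards(config):
    """Static PAT entries with no permit naming the real host and port."""
    permits = parse_permits(config)
    return [f for f in parse_static_pat(config)
            if (f["real_ip"], f["real_port"]) not in permits]


if __name__ == "__main__":
    for fwd in unmatched_forwards(SAMPLE_CONFIG):
        print("no ACL permit found for", fwd["real_ip"], fwd["real_port"])
```
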