12-03-2009 12:39 PM - edited 03-11-2019 09:45 AM
Can someone point me to info on port forwarding from an external address to an internal address. This firewall has a DMZ, but the machine I want to port forward to does not sit in the DMZ. All attempts to solve have lead to my machines in the DMZ not working.
Solved! Go to Solution.
12-04-2009 10:12 AM
Hi,
Be aware that an ACL must allow the traffic comes from Internet to DMZ servers.
Br,
12-04-2009 10:53 AM
Ok, have you already checked all ACLs for inside and outside directions?
12-03-2009 12:47 PM
Hi,
Try this command below:
static (inside,outside) tcp 1.1.1.1 www 2.2.2.2 www netmask 255.255.255.255
where 1.1.1.1 = it is your public ip address and 2.2.2.2 it is your internal one ( RFC 1918 ). In this example, the firewall is performing a static PAT for HTTP service. In this case, the reachable ip address for the Internet will be 2.2.2.2
Br,
12-03-2009 12:48 PM
Sorry, the ip will be 1.1.1.1 to be reachable by Internet
12-03-2009 01:12 PM
So are you saying:
static (inside,outside) tcp External-IP www Internal-IP www netmask 255.255.255.255
12-03-2009 01:14 PM
That's correct.
Br
12-04-2009 10:09 AM
Thanks for the reply, but it didn't work.
12-04-2009 10:12 AM
Hi,
Be aware that an ACL must allow the traffic comes from Internet to DMZ servers.
Br,
12-04-2009 10:47 AM
Yes, realize that. But, this is not a DMZ host, it is one that sits on the inside network.
12-04-2009 10:53 AM
Ok, have you already checked all ACLs for inside and outside directions?
12-05-2009 08:44 AM
Got it. I added:
access-list Inside_access_out extended permit tcp any host 192.168.14.252 eq www
access-list Inside_access_out extended permit tcp host 192.168.14.252 eq www any
and everything finally worked.
Thanks again for your help.
Chuck
12-07-2009 02:11 PM
You are welcome.
Best regards,
Renato Saraiva
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide