02-01-2006 09:24 AM - edited 02-21-2020 12:41 AM
Hi,
Sorry for my very bad English. Spanish support?
PIX 515E 6.3(5)
outside: 172.19.16.1
inside: 10.3.1.1
router to internet: 172.19.16.2
The internet router forwards all ports to the PIX outside interface.
I need to configure a "public terminal server" with IP address 10.3.1.3.
How do I configure the PIX to forward traffic on port 3389 to 10.3.1.3?
Thanks.
Diego Fernández
02-01-2006 11:56 AM
Hello Mr. Fernández,
To access TS from outside, you will need to configure the PIX like this, in order:
1 - Publish your internal host on the outside interface. Make sure 10.3.1.3 is routable from the outside router.
static (inside,outside) 10.3.1.3 10.3.1.3 netmask 255.255.255.255
2 - Add an ACL to permit traffic going from the outside interface to the inside network
access-list outside permit tcp any host 10.3.1.3 eq 3389
3 - Bind the outside access-list to the outside interface
access-group outside in interface outside
There's information under these links:
Access-list configuration guide
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755
Static configuration guide
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694
!HL!
Mike
02-02-2006 05:29 AM
Sorry, the config does not work.
If the internet router forwards port 3389 to 10.3.1.3 I can connect to the server, because the internet router is forwarding all traffic to the outside interface (172.19.16.1).
I need to configure the PIX to forward traffic on port 3389 to 10.3.1.3
How do I NAPT port 3389 to 10.3.1.3?
Thanks very much.
02-02-2006 08:09 AM
To help you, here are 2 samples from the Cisco web site regarding port forwarding.
1) The static command provides the translation for Telnet. The nat and global commands provide PAT for all other outbound connections from the server.
If you have a separate translation for all inside traffic that uses a different global address, you can still configure the Telnet server to use the same address as the static statement by creating a more exclusive nat statement just for that server. Because nat statements are read for the best match, more exclusive nat statements are matched before general statements.
static (inside,outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255
nat (inside) 1 10.1.1.15 255.255.255.255
global (outside) 1 10.1.2.14 netmask 255.255.255.255
nat (inside) 2 0.0.0.0 0.0.0.0
global (outside) 2 10.1.2.78 netmask 255.255.255.255
2) To translate a well-known port (80) to another port (8080), enter:
static (inside,outside) tcp 10.1.2.45 80 10.1.1.16 8080 netmask 255.255.255.255
HTH
Mike
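Applied to the addresses in this thread, static PAT on the PIX outside interface could look like the following. This is an added example, not part of any reply above; it assumes the ACL name `outside` and the identity static from the first reply were entered as posted, and 192.0.2.0/24 is a constructed placeholder for the client network allowed to connect.

```cisco
: Added example for PIX 6.3; not from the original thread.
: Remove the identity static from the earlier reply, if it was applied.
no static (inside,outside) 10.3.1.3 10.3.1.3 netmask 255.255.255.255
: Static PAT: TCP 3389 arriving on the outside interface address (172.19.16.1)
: is redirected to the terminal server 10.3.1.3 on the same port.
static (inside,outside) tcp interface 3389 10.3.1.3 3389 netmask 255.255.255.255
: The ACL must match the translated (outside) address, not 10.3.1.3,
: so the earlier entry is replaced.
no access-list outside permit tcp any host 10.3.1.3 eq 3389
: 192.0.2.0/24 is a constructed placeholder for the permitted client network.
access-list outside permit tcp 192.0.2.0 255.255.255.0 host 172.19.16.1 eq 3389
access-group outside in interface outside
: Clear existing translations so the new static takes effect.
clear xlate
```

Limiting the ACL source to a known client network keeps the terminal server from being reachable on 3389 from every address the internet router forwards.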