Solved: Re: PIX 501 Question?

u.naranjo · ‎04-11-2005

Hi,

I have a PIX 501 and was given only 1 Public IP from my ISP and I need to access a server on the private network from the outside (Telnet or FTP).

How do I translate the Private IP of the server to the public ip associated to the outside interface of the firewall and specifying the ftp or telnet port only? is this possible?

Thanks,

Patrick Iseli · ‎04-12-2005

The plesure is mine.

click on rate if you found the post helpful.

sincerely

Patrick

View solution in original post

Patrick Iseli · ‎04-11-2005

Yes, this is possible. This fonction is called port forwarding.

Public IP can be static or dynamic this does not change the config:

Inside IP: 192.168.1.10 in this example

example:

ip address outside YOUR-PUB-IP 255.255.255.240

ip address inside 192.168.1.1 255.255.255.0

access-list acl_out permit tcp any interface eq 21

access-list acl_out permit tcp any interface eq 23

access-group acl_out in interface outside

static (inside,outside) tcp interface 21 192.168.1.10 21 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface 23 192.168.1.10 23 netmask 255.255.255.255 0 0

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 Gateway 1

Establishing Connectivity: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html

sincerely

Patrick

u.naranjo · ‎04-12-2005

Patrick,

Than you very much for this sample; this is what I was looking for.

I appreciate you taking the time and explaining.

Regards,

Uriel Naranjo.

Patrick Iseli · ‎04-12-2005

The plesure is mine.

click on rate if you found the post helpful.

sincerely

Patrick