Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
1
Replies

pix 515 static question

Go to solution
vg200
Level 1
Level 1

‎03-03-2003 07:19 PM - edited ‎02-20-2020 10:35 PM

I have setup a pix 515 at home on my broadband connection for testing. I was wondering if it is possable to use the static command to map a Internal to the dhcp assigned address from ISP. I have setup a reverse DNS client to map the dhcp assigned WAN address to a public dns server.

Example:

interface0 outside

interface1 inside

ip address outside dhcp setroute

ip address inside 172.16.0.1

ip route 0.0.0.0 0.0.0.0 dhcp

Thanks,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎03-03-2003 08:56 PM

Assuming you have something like:

> nat (inside) 1 0 0

> global (outside) 1 interface

for your outbound traffic, you can do the following for inbound:

> static (inside,outside) tcp interface 80 172.16.0.2 80 netmask 255.255.255.255

This'll map any TCP port 80 packet destined for the PIX outside interface to the internal server at 172.16.0.2 on port 80. The keyword "interface" simply means the outside interfaces IP address. You can add as many of these port mappings as you like. The ports don't have to be the same either, you can map port 80 to port 345 if you like.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎03-03-2003 08:56 PM

Assuming you have something like:

> nat (inside) 1 0 0

> global (outside) 1 interface

for your outbound traffic, you can do the following for inbound:

> static (inside,outside) tcp interface 80 172.16.0.2 80 netmask 255.255.255.255

This'll map any TCP port 80 packet destined for the PIX outside interface to the internal server at 172.16.0.2 on port 80. The keyword "interface" simply means the outside interfaces IP address. You can add as many of these port mappings as you like. The ports don't have to be the same either, you can map port 80 to port 345 if you like.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card