PIX Port Forwarding

jayson
Level 1

Hi

First time user on the PIX and wondering based on current config what is the best way to forward a range of IP ports to a dedicated internal server.

Thanks for the help

nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
passwd
hostname pix
domain-name
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol http 80
no fixup protocol smtp 25
names
access-list 111 permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list 111 permit icmp 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list MAIL permit gre any host 1.10.20.20
access-list MAIL permit tcp any host 1.10.20.20 eq 1723
access-list MAIL permit tcp any host 1.10.20.20 eq smtp
pager lines 24
logging on
logging timestamp
logging trap errors
logging history errors
logging facility 0
logging host inside 10.0.0.5
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 1.10.20.18 255.255.255.248
ip address inside 10.0.0.254 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.0.0.5 255.255.255.255 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 10.0.0.251 255.255.255.255 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 1.10.20.19
nat (inside) 0 access-list 111
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
static (inside,outside) 1.10.20.20 10.0.0.3 netmask 255.255.255.255 0 0
access-group MAIL in interface outside
conduit permit tcp host 1.10.20.20 eq smtp any
route outside 0.0.0.0 0.0.0.0 1.10.20.17 1
route inside 10.1.0.0 255.255.0.0 10.0.1.100 1

2 Replies

scoclayton
Level 7

The best way to do this is to create a dedicated 1:1 static like you already have:

static (inside,outside) 1.10.20.20 10.0.0.3 netmask 255.255.255.255 0 0

but I assume you are asking for something a little more specific. Are you trying to use the 1.10.20.20 address for multiple internal servers? Perhaps a little more detail will help in clarifying this.

Scott

Yes, I would like to use 1.10.20.20 for multiple servers.
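
With a 1:1 static like the one quoted in the reply above, inbound traffic to 10.0.0.3 still has to be permitted by the ACL bound to the outside interface, so that ACL defines which ports are really forwarded. The following is an added example, not part of the thread and not a Cisco tool: it parses a constructed excerpt of the posted configuration and lists what the static exposes. The function names and the reduced sample are assumptions made for illustration.

```python
# Added example: list what a PIX 1:1 static exposes, given the outside ACL.
# SAMPLE_CONFIG is a constructed excerpt of the configuration posted above.
SAMPLE_CONFIG = """\
access-list MAIL permit gre any host 1.10.20.20
access-list MAIL permit tcp any host 1.10.20.20 eq 1723
access-list MAIL permit tcp any host 1.10.20.20 eq smtp
static (inside,outside) 1.10.20.20 10.0.0.3 netmask 255.255.255.255 0 0
access-group MAIL in interface outside
conduit permit tcp host 1.10.20.20 eq smtp any
"""

def _addr(tok, i):
    """Consume one address spec at tok[i]; return (spec, next index)."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return f"{tok[i]}/{tok[i + 1]}", i + 2  # network followed by mask

def exposed_services(config):
    """Return ([(public, inside, proto, ports, source)], mixes_conduit_and_acl)."""
    statics, acls, bound, conduits = {}, {}, {}, 0
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[0] == "static" and tok[2] not in ("tcp", "udp"):
            statics[tok[2]] = tok[3]            # global (public) -> local (inside)
        elif len(tok) >= 5 and tok[0] == "access-group" and tok[2] == "in":
            bound[tok[4]] = tok[1]              # interface -> ACL name
        elif len(tok) >= 6 and tok[0] == "access-list" and tok[2] == "permit":
            src, i = _addr(tok, 4)
            dst, i = _addr(tok, i)
            ports = " ".join(tok[i:]) or "all"  # "eq smtp", "range 8000 8010", ...
            acls.setdefault(tok[1], []).append((tok[3], src, dst, ports))
        elif tok[:1] == ["conduit"]:
            conduits += 1
    report = []
    for public, inside in statics.items():
        for proto, src, dst, ports in acls.get(bound.get("outside"), []):
            if dst in (public, "any"):
                report.append((public, inside, proto, ports, src))
    # Legacy conduit lines next to an access-group are flagged for review.
    return report, conduits > 0 and "outside" in bound

if __name__ == "__main__":
    rows, mixed = exposed_services(SAMPLE_CONFIG)
    for public, inside, proto, ports, src in rows:
        print(f"{public} -> {inside}  {proto} {ports}  from {src}")
    print("conduit mixed with access-group:", mixed)
```

Run against the full configuration, the same function ignores the lines it does not model; only 1:1 statics and `permit` entries of the ACL bound to `outside` are reported.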
