02-22-2009 02:50 AM - edited 03-11-2019 07:54 AM
Hi All,
My ip is 1.1.1.1 this ip is forwarded to my leased line link from SP. Now i want to confgiure this ip with port forwarding in order to point to my server(192.168.1.2) in DMZ. My topology is
Internet--InternetSwitch--Pix515--DMZ
Any Clues for configuration??/
Solved! Go to Solution.
02-22-2009 09:13 AM
Hello Sohail,
Here is an example for tcp 80 port forwarding. Considering that you properly configured outside interface IP as 1.1.1.1
static (dmz,outside) tcp interface 80 192.168.1.2 80
access-list outside_access_in permit tcp any interface outside eq 80
access-group outside_access_in in interface outside
Regards
02-22-2009 09:13 AM
Hello Sohail,
Here is an example for tcp 80 port forwarding. Considering that you properly configured outside interface IP as 1.1.1.1
static (dmz,outside) tcp interface 80 192.168.1.2 80
access-list outside_access_in permit tcp any interface outside eq 80
access-group outside_access_in in interface outside
Regards
02-22-2009 10:10 AM
I want to elaborate more.
my public ip is 1.1.1.1/24, out of this /24 i want to use lets say 1.1.1.2 as forwarding to my dmz 192.168.1.2 server with any port, so 1.1.1.2 will not be used on any host just a forwarder. Then 192.168.1.2 shld also be natted as 1.1.1.2 to internet, also 192.168.1.2 will access my inside server farm 192.168.3.x network
Appreciate ur ans..
02-22-2009 01:28 PM
"my public ip is 1.1.1.1/24, out of this /24 i want to use lets say 1.1.1.2 as forwarding to my dmz 192.168.1.2 server with any port, so 1.1.1.2 will not be used on any host just a forwarder. Then 192.168.1.2 shld also be natted as 1.1.1.2 to internet"
Below config will achieve what you want above
static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255
But I didnt understand this part
"also 192.168.1.2 will access my inside server farm 192.168.3.x network "
02-23-2009 07:13 AM
ignore that part, wz pasted by mistake,
i craeted static as u told.
then created
acl_outside_in permit ip any host 1.1.1.2
when tried to ping 1.1.1.2 didnt able to capture anything.. i can reach only to my wan ip
02-23-2009 09:59 AM
For ping, you should include
acl_outside_in permit icmp any host 1.1.1.2 echo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide