Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
440
Views
0
Helpful
5
Replies

mapping IP's

langemechanical
Level 1
Level 1

‎05-25-2004 02:51 PM - edited ‎03-09-2019 07:30 AM

Prior to the installation of my PIX 501, my ISP provider had one of my static internal IP addresses mapped to a static outside IP. How do I do this using the PIX ?

Labels:
0 Helpful
5 Replies 5

nkhawaja
Cisco Employee
Cisco Employee

‎05-25-2004 03:15 PM

Hi,

The quick start guide can guide you.

Additionally you can get the sample configs here

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:PIX&s=Software_Configuration#Software_Samples_and_Tips

you just need to have this command (if using CLI)

static (inside,outside) public_ip_address private_ip_address

Thanks

Nadeem

0 Helpful

kagodfrey
Level 3
Level 3

‎05-25-2004 03:18 PM

Hi

You need the following command to create a static mapping:

static (inside,outside) out.side.ip.address in.side.ip.address netmask 255.255.255.255 0 0

If you are then looking to allow, say, http traffic then you need an access-list allowing it configured on the outside interface of the pix:

access-list acl_outside permit tcp any host out.side.ip.address eq www

access-group acl_outside in interface outside

See

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009402f.shtml or

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

for further examples

Hth

Kev

0 Helpful

langemechanical
Level 1
Level 1

‎06-09-2004 05:49 PM

Will these setups allow me to access the internal IP via the public IP that is mapped???

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to langemechanical

‎06-09-2004 06:07 PM

Hi,

Surely, the static and the access-list will allow the access to private IP using its public IP

Thanks

Nadeem

0 Helpful

langemechanical
Level 1
Level 1
In response to nkhawaja

‎06-17-2004 04:58 AM

I added the following lines

static (inside,outside) outsideIP insideIP netmask 255.255.255.255 0 0

access-list ACL_OUTSIDE permit tcp any host outsideIP eq www

access-group ACL_OUTSIDE in interface outside

When I try to acess the outside IP (public ip ) I get the following lines in the syslog

<166>Jun 17 2004 07:42:02: %PIX-6-302013: Built inbound TCP connection 637 for outside:216.xxx.xxx.xx/1980 (216.xxx.xxx.xx/1980) to inside:172.xx.x.xxx/80 (216.xxx.xxx.xx/80)

<166>Jun 17 2004 07:44:04: %PIX-6-302014: Teardown TCP connection 637 for outside:216.xxx.xxx.xx/1980 to inside:172.xx.x.xxx/80 duration 0:02:01 bytes 0 SYN Timeout

What am I doing wrong ?????

0 Helpful
Customers Also Viewed These Support Documents