cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
341
Views
0
Helpful
2
Replies

Pix515 problem

lgelinas
Level 1
Level 1

in the following rule:

static (dmz,outside) tcp interface PORT# server port# netmask 255.255.255.255 0 0

Is it possible to state multiple PORT#'s to one port#? If yes, how?

Thanks

unenlightened

1 Accepted Solution

Accepted Solutions

gfullage
Cisco Employee
Cisco Employee

No, you can't do this and the PIX parser won't allow it.

Think about what would happen to traffic if you mapped say, outside ports 40 and 41 to inside port 40. TRaffic coming on either port would both be mapped to port 40 on the inside, no problem there. The return traffic however, would hit the PIX, which then has to decide whether to map it to port 40 or 41 on the outside. The PIX has no way of knowing which one it should be and so it fails.

View solution in original post

2 Replies 2

gfullage
Cisco Employee
Cisco Employee

No, you can't do this and the PIX parser won't allow it.

Think about what would happen to traffic if you mapped say, outside ports 40 and 41 to inside port 40. TRaffic coming on either port would both be mapped to port 40 on the inside, no problem there. The return traffic however, would hit the PIX, which then has to decide whether to map it to port 40 or 41 on the outside. The PIX has no way of knowing which one it should be and so it fails.

Thanks,

a very logical responce...I don't know how I didn't see that?

}^8)