Solved: Re: Pix515 problem

lgelinas · ‎12-17-2002

in the following rule:

static (dmz,outside) tcp interface PORT# server port# netmask 255.255.255.255 0 0

Is it possible to state multiple PORT#'s to one port#? If yes, how?

Thanks

unenlightened

gfullage · ‎12-17-2002

No, you can't do this and the PIX parser won't allow it.

Think about what would happen to traffic if you mapped say, outside ports 40 and 41 to inside port 40. TRaffic coming on either port would both be mapped to port 40 on the inside, no problem there. The return traffic however, would hit the PIX, which then has to decide whether to map it to port 40 or 41 on the outside. The PIX has no way of knowing which one it should be and so it fails.

View solution in original post

gfullage · ‎12-17-2002

No, you can't do this and the PIX parser won't allow it.

Think about what would happen to traffic if you mapped say, outside ports 40 and 41 to inside port 40. TRaffic coming on either port would both be mapped to port 40 on the inside, no problem there. The return traffic however, would hit the PIX, which then has to decide whether to map it to port 40 or 41 on the outside. The PIX has no way of knowing which one it should be and so it fails.

lgelinas · ‎12-18-2002

Thanks,

a very logical responce...I don't know how I didn't see that?

}^8)