Port Forwarding just a beginner

Answered Question
Feb 20th, 2007

Need to forward ports 5900 and 443 to an internal IP address on a PIX 501. What would the commands be to make this work?

Also, what if I just wanted to open a port for any internal and external? I.e., port 7777.

Thanks

Correct Answer
hoogen_82 Tue, 02/20/2007 - 10:44

static (inside,outside) tcp globalip 443 localip 443 netmask 255.255.255.255

In the same way you do it for 5900 port too.

To allow port 7777 to travel to the inside network, you need to define an access-list like

access-list network-1 permit tcp host 10.1.1.10 host 172.16.1.10 eq 7777

and also give a static NAT to allow traffic to reach 172.16.1.10

HTH

Hoogen

Do rate if this helps :)

cozyk1515 Tue, 02/20/2007 - 10:51

Thanks

However, the customer has no idea what the global IP is. Or is this the WAN IP? I thought it would be the WAN IP of who it is originating from. Same for port 7777.

hoogen_82 Tue, 02/20/2007 - 10:55

Yes, this is your public WAN IP.

HTH

Hoogen

Do rate if this helps :)

cozyk1515 Tue, 02/20/2007 - 11:04

So I could do a

static (inside,outside) tcp globalIP 443 any 443 netmask 255.255.255.255

and

access-list outside_in permit tcp any host any eq 7777

hoogen_82 Tue, 02/20/2007 - 11:10

The first one is all right; remember you also need an access-list permitting 443 for that.

And for the second one, the syntax is wrong. I think you could probably use

access-list outside_in extended permit tcp any any eq 7777

HTH

Hoogen

Do rate if this helps :)

cozyk1515 Tue, 02/20/2007 - 11:35

access-list 100 permit tcp any any eq 443

static (inside, outside) tcp globalIP 443 any 443 netmask 255.255.255.255

Does this look better?
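As an added example (not code from any poster in this thread), here is a small audit of the pairing the thread keeps returning to: every static port forward needs an inbound permit on an ACL that is actually applied to the outside interface, and a permit to `any` destination is broader than the forward it serves. It assumes PIX 6.x-style syntax with numeric ports; the addresses are placeholders and the finding labels are this example's own.

```python
import re

# Constructed PIX 6.x-style sample. 192.0.2.10 (global) and 192.168.1.10 (local)
# are placeholder addresses, not values from the thread.
SAMPLE = """\
static (inside,outside) tcp 192.0.2.10 443 192.168.1.10 443 netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.10 5900 192.168.1.10 5900 netmask 255.255.255.255
static (inside, outside) tcp 192.0.2.10 7777 any 7777 netmask 255.255.255.255
access-list outside_in permit tcp any host 192.0.2.10 eq 443
access-list outside_in permit tcp any any eq 7777
access-group outside_in in interface outside
"""

STATIC = re.compile(r"static \(inside,\s*outside\) tcp (\S+) (\d+) (\S+) (\d+)")
PERMIT = re.compile(r"access-list (\S+) permit tcp any (any|host (\S+)) eq (\d+)")
GROUP = re.compile(r"access-group (\S+) in interface outside")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def audit(config):
    """Return sorted (finding, port) pairs for the port forwards in config."""
    lines = [line.strip() for line in config.splitlines()]
    # Only ACLs bound to the outside interface filter inbound traffic.
    bound = {m.group(1) for line in lines if (m := GROUP.match(line))}
    findings, permits = set(), set()
    for line in lines:
        m = PERMIT.match(line)
        if not m:
            continue
        acl, dest, port = m.group(1), m.group(3) or "any", int(m.group(4))
        if acl not in bound:
            findings.add(("acl-not-applied", port))
            continue
        permits.add((dest, port))
        if dest == "any":
            # Opens the port towards every translated address, not one host.
            findings.add(("permit-any-destination", port))
    for line in lines:
        m = STATIC.match(line)
        if not m:
            continue
        global_ip, port, local_ip = m.group(1), int(m.group(2)), m.group(3)
        if not IPV4.fullmatch(local_ip):
            findings.add(("local-address-not-a-host", port))
        # On PIX 6.x the inbound ACL matches the global (translated) address.
        if not {(global_ip, port), ("any", port)} & permits:
            findings.add(("no-inbound-permit", port))
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports the 5900 forward that has no permit, the `any` used as a local address, and the `any any` permit on 7777.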
