Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
356
Views
5
Helpful
6
Replies

Port Forwarding just a beginner

Go to solution
cozyk1515
Level 1
Level 1

‎02-20-2007 10:27 AM

Need to forward Ports 5900 and 443 to an Internal IP Address on a Pix 501. What would the commands be do make this work?

Also, What if I just wanted to open a port for any internal and external? IE Port 7777.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hoogen_82
Level 4
Level 4

‎02-20-2007 10:44 AM

static (inside,outside) tcp globalip 443 localip 443 netmask 255.255.255.255

In the same way you do it for 5900 port too.

For allowing port 7777 to travel to inside network you need to define an access-list like access-list network-1 permit tcp host 10.1.1.10 host 172.16.1.10 eq 7777 and also give a static nat to allow traffic to reach 172.16.1.10

HTH

Hoogen

Do rate if this helps :)

View solution in original post

6 Replies 6

Go to solution
hoogen_82
Level 4
Level 4

‎02-20-2007 10:44 AM

static (inside,outside) tcp globalip 443 localip 443 netmask 255.255.255.255

In the same way you do it for 5900 port too.

For allowing port 7777 to travel to inside network you need to define an access-list like access-list network-1 permit tcp host 10.1.1.10 host 172.16.1.10 eq 7777 and also give a static nat to allow traffic to reach 172.16.1.10

HTH

Hoogen

Do rate if this helps :)

Go to solution
cozyk1515
Level 1
Level 1
In response to hoogen_82

‎02-20-2007 10:51 AM

Thanks

However, the customer has no idea what the global IP is. Or is this the Wan IP? I thought it would be the wan ip of who it is orginating from. Same for port 7777.

0 Helpful

Go to solution
hoogen_82
Level 4
Level 4
In response to cozyk1515

‎02-20-2007 10:55 AM

Yes this is your public wan ip.

HTH

Hoogen

Do rate if this helps :)

0 Helpful

Go to solution
cozyk1515
Level 1
Level 1
In response to hoogen_82

‎02-20-2007 11:04 AM

So I could do a

static (inside,outside) tcp globalIP 443 any 443 netmask 255.255.255.255

and

access-list outside_in permit tcp any host any eq 7777

0 Helpful

Go to solution
hoogen_82
Level 4
Level 4
In response to cozyk1515

‎02-20-2007 11:10 AM

The first one is all right remember you also need an access-list permiting 443 for that.

And the second one the syntax is wrong i think u probably could use access-list outside_in extended permit tcp any any eq 7777

HTH

Hoogen

Do rate if this helps :)

0 Helpful

Go to solution
cozyk1515
Level 1
Level 1
In response to cozyk1515

‎02-20-2007 11:35 AM

access-list 100 permit tcp any any eq 443

static (inside, outside) tcp globalIP 443 any 443 netmask 255.255.255.255

Does this look better?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents