Mapping incoming ports to different NAT addresses on PIX

Unanswered Question
Apr 20th, 2007

Hello all

Can i use the extendable keyword on the pix firewall to map incoming ports to NAT private lan addresses? if yes, what is important to know before to do that. If not, how can i do that ?

Will be good if i will have any example

Thank you !

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Patrick Iseli Sat, 04/21/2007 - 16:09

This feature is called Port Address Translation or PAT.

All port that are connecting to your outside interface IP address are forwarded, translated, to an induviual inside private IP.

example:

access-list acl_out permit tcp any interface outside eq http

access-list acl_out permit tcp any interface outside eq smtp

access-group acl_out in interface outside

static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0

static (inside,outside) tcp interface smtp 192.168.1.23 smtp netmask 255.255.255.255 0 0

Reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

sincerely

Patrick

Actions

This Discussion