PIX port forward

Unanswered Question
May 30th, 2007
User Badges:

I have a Pix 515e that I need to forward a port. this should be a simple task but for some reason it is not working. I have attached my config file

I need to forward FTP to mcs-sbs01 I have the nat setup in the config I attached it has ** above and below it to help you find it.

I can't seem to get an access rule that allows traffic through.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hoogen_82 Thu, 05/31/2007 - 10:04
User Badges:
  • Silver, 250 points or more

Is your static nat outside ip address related to the outside interface ip?

ip address outside ******.194

static (inside,outside) tcp ftp mcs-sbs01 ftp netmask 0 0

If so you need to make a small change on the static statement, instead of putting the ip address of the outside interface use the keyword interface

static (inside,outside) tcp interface ftp mcs-sbs01 ftp netmask 0 0



Do rate if this post helps :)

plank1111 Thu, 05/31/2007 - 10:22
User Badges:

The outside interface has multiple addresses, i got the normal ftp (21) working going to add a ACL for ftp-data(20) and see if passive mode works

plank1111 Thu, 05/31/2007 - 10:48
User Badges:

adding an ACL for port 20 did not fix my data port error on FTP

if I add the following two ACL's will this fix my problem?

access-list inside_access_in permit host eq ftp any established

access-list inside_access_in permit host eq ftp-data any established


This Discussion