Port Forwarding

Unanswered Question
Sep 18th, 2007

Hi there!

We are trying to configure a PIX firewall 506E to redirect outside traffic to an inside machine.

We're using the following commands:

static (inside,outside) tcp 82.173.121.53 1417 192.168.10.137 1417 netmask 255.255.255.255

static (inside,outside) tcp 82.173.121.53 1418 192.168.10.137 1418 netmask 255.255.255.255

static (inside,outside) tcp 82.173.121.53 1419 192.168.10.137 1419 netmask 255.255.255.255

static (inside,outside) tcp 82.173.121.53 1420 192.168.10.137 1420 netmask 255.255.255.255

static (inside,outside) udp 82.173.121.53 407 192.168.10.137 407 netmask 255.255.255.255

access-list outside-inbound permit tcp any interface outside eq 1417

access-list outside-inbound permit tcp any interface outside eq 1418

access-list outside-inbound permit tcp any interface outside eq 1419

access-list outside-inbound permit tcp any interface outside eq 1420

access-list outside-inbound permit udp any interface outside eq 407

access-group outside-inbound in interface outside

We can see received packets in the hit count of the access list, but only UDP, and we can't connect anyway.

access-list outside-inbound line 1 permit tcp any interface outside eq 1417 (hitcnt=0)

access-list outside-inbound line 2 permit tcp any interface outside eq 1418 (hitcnt=0)

access-list outside-inbound line 3 permit tcp any interface outside eq 1419 (hitcnt=0)

access-list outside-inbound line 4 permit tcp any interface outside eq 1420 (hitcnt=0)

access-list outside-inbound line 5 permit udp any interface outside eq 407 (hitcnt=1)

Thanks,

David

rajbhatt Tue, 09/18/2007 - 03:51

Hi,

Please paste the relevant part of the config that would include: inside access lists, NAT and the global statement.

Raj

yupinho Wed, 09/19/2007 - 02:49

Hello Raj,

Here are all the ACLs:

access-list inside_access_in permit ip 192.168.10.0 255.255.255.0 any

access-list inside_access_in permit ip 192.168.20.0 255.255.255.0 any

access-list inside_access_in permit ip 192.168.40.0 255.255.255.0 any

access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list outside_cryptomap_100 permit ip host mvxapp host 10.23.125.185

access-list acl_intentia_ipsec permit ip 10.23.125.184 255.255.255.248 host intentia-host

access-list static-intentia-srv1 permit ip host mvxapp host intentia-host

access-list static-intentia-srv2 permit ip host 192.168.10.12 host intentia-host

access-list nat-intentia-srv1 permit ip host mvxapp host intentia-host

access-list nat-intentia-srv2 permit ip host 192.168.10.12 host intentia-host

access-list split-labicer-admin permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list split-labicer-admin permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list acl_valorceram_ipsec permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list acl_valorceram_ipsec permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list outside-inbound permit tcp any interface outside eq 1417

access-list outside-inbound permit tcp any interface outside eq 1418

access-list outside-inbound permit tcp any interface outside eq 1419

access-list outside-inbound permit tcp any interface outside eq 1420

access-list outside-inbound permit udp any interface outside eq 407

Here are the NAT and global statements:

global (outside) 5 10.23.125.185

global (outside) 6 10.23.125.186

global (outside) 10 interface

global (outside) 7 10.23.125.187

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 5 access-list nat-intentia-srv1 0 0

nat (inside) 6 access-list nat-intentia-srv2 0 0

nat (inside) 10 192.168.10.0 255.255.255.0 0 0
