Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
4
Replies

Pix 501 6.3(4) Static pat

Go to solution
marcas.rice
Level 1
Level 1

‎12-18-2007 09:23 AM - edited ‎03-03-2019 07:58 PM

I need to send static pat ports to the same internal IP and port

ACl's are

access-list inbound permit tcp any host 209.7.209.242 eq 8084

access-list inbound permit tcp any host 209.7.209.242 eq www

And the static pat staements are:

static (inside,outside) tcp 209.7.209.242 www 10.0.0.3 www netmask 255.255.255.255 0 0

however when i try to add the second pat statement

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0

I get this error message:

ERROR: duplicate of existing static

I assume this is because of the alrady static mapped port 80.

Is there any way around this?

Basicly i need to send 2 different outside ports to the same inside IP and port

Thanks Guys!!!

Marcas

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to marcas.rice

‎12-18-2007 10:52 AM

I don't think you'll be able to port redirect on same port 80 in this way at least from a firewall perspective, but.. would like to hear from others on a work around which would probably be on the server side, does 8084 realy needs to be redirected to 80, why not on different port other than 80, say 8080 and have the server listening on this port as well.. then your static could be something like this:

static (inside,outside) tcp 209.7.209.242 80 10.0.0.3 80

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8080

Rgds

Jorge

Jorge Rodriguez

View solution in original post

0 Helpful
4 Replies 4

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎12-18-2007 09:29 AM

you are not matching tcp ports,

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0

I get this error message:

ERROR: duplicate of existing static

try

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8084 netmask 255.255.255.255

Rgds

Jorge

Jorge Rodriguez
0 Helpful

Go to solution
marcas.rice
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎12-18-2007 09:37 AM

Thanks for the quick repli,

Correct, I'm trying to send 2 different outside ports to the same inside port

static (inside,outside) tcp 209.7.209.242 www 10.0.0.3 www netmask 255.255.255.255 0 0

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0

In other words, i want both ports 80 and 8084 to go to port 80

that why i'm looking for a work around.

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to marcas.rice

‎12-18-2007 10:52 AM

I don't think you'll be able to port redirect on same port 80 in this way at least from a firewall perspective, but.. would like to hear from others on a work around which would probably be on the server side, does 8084 realy needs to be redirected to 80, why not on different port other than 80, say 8080 and have the server listening on this port as well.. then your static could be something like this:

static (inside,outside) tcp 209.7.209.242 80 10.0.0.3 80

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8080

Rgds

Jorge

Jorge Rodriguez
0 Helpful

Go to solution
marcas.rice
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎12-18-2007 11:06 AM

Thanks Again.. The client could not tell me why 8084 was being redirected to port 80, and port 80 was being redirected to port 80 on their old firewall. After checking the server. It wasnt evening listing on this port. Buy leaving out the 8084 entry, this problems solved itself.

Thanks Again guys!!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card