12-18-2007 09:23 AM - edited 03-03-2019 07:58 PM
I need to send static pat ports to the same internal IP and port
ACl's are
access-list inbound permit tcp any host 209.7.209.242 eq 8084
access-list inbound permit tcp any host 209.7.209.242 eq www
And the static pat staements are:
static (inside,outside) tcp 209.7.209.242 www 10.0.0.3 www netmask 255.255.255.255 0 0
however when i try to add the second pat statement
static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0
I get this error message:
ERROR: duplicate of existing static
I assume this is because of the alrady static mapped port 80.
Is there any way around this?
Basicly i need to send 2 different outside ports to the same inside IP and port
Thanks Guys!!!
Marcas
Solved! Go to Solution.
12-18-2007 10:52 AM
I don't think you'll be able to port redirect on same port 80 in this way at least from a firewall perspective, but.. would like to hear from others on a work around which would probably be on the server side, does 8084 realy needs to be redirected to 80, why not on different port other than 80, say 8080 and have the server listening on this port as well.. then your static could be something like this:
static (inside,outside) tcp 209.7.209.242 80 10.0.0.3 80
static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8080
Rgds
Jorge
12-18-2007 09:29 AM
you are not matching tcp ports,
static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0
I get this error message:
ERROR: duplicate of existing static
try
static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8084 netmask 255.255.255.255
Rgds
Jorge
12-18-2007 09:37 AM
Thanks for the quick repli,
Correct, I'm trying to send 2 different outside ports to the same inside port
static (inside,outside) tcp 209.7.209.242 www 10.0.0.3 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0
In other words, i want both ports 80 and 8084 to go to port 80
that why i'm looking for a work around.
12-18-2007 10:52 AM
I don't think you'll be able to port redirect on same port 80 in this way at least from a firewall perspective, but.. would like to hear from others on a work around which would probably be on the server side, does 8084 realy needs to be redirected to 80, why not on different port other than 80, say 8080 and have the server listening on this port as well.. then your static could be something like this:
static (inside,outside) tcp 209.7.209.242 80 10.0.0.3 80
static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8080
Rgds
Jorge
12-18-2007 11:06 AM
Thanks Again.. The client could not tell me why 8084 was being redirected to port 80, and port 80 was being redirected to port 80 on their old firewall. After checking the server. It wasnt evening listing on this port. Buy leaving out the 8084 entry, this problems solved itself.
Thanks Again guys!!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: