Pix 501 Configuration Issue(s)


Hi all.

This is my first post here, and I have never used Cisco products until now. I have a Small Business Server 2003R2 running Exchange, Remote Web Workplace, SharePoint, etc. I have 1 NIC. I've set up the 501 firewall with a public IP, and the server has a private 192.168.1.2.

I have set up VPN, but I need to be able to set up/open ports for Exchange, Remote Desktop, etc., to take advantage of all the products on the Small Business Server. I am unclear on how to do this.

I've been reading/researching this on the net for the past few days. Are these the right commands to do this:


access-list OUTSIDE_IN permit tcp any interface outside eq 25

access-group OUTSIDE_IN in interface outside

static (inside,outside) tcp interface http 192.168.1.2 http netmask 255.255.255.0


Also, I have several more public IPs that are available.

Thanks for any help/suggestions.

scott

Collin Clark Thu, 12/27/2007 - 12:46

Scott-


Nice job researching, as you're 99% of the way there. Since you have more than just the interface IP, in the static you change the interface keyword to the IP address you want to use. You do the same in the ACL. Let's say your public IPs are 1.1.1.1-.4. .1 is assigned to the interface, so let's use .2 for Exchange.


static (inside,outside) tcp 1.1.1.2 25 192.168.1.2 25 netmask 255.255.255.255


Then your ACL should change too.


access-list OUTSIDE_IN permit tcp any host 1.1.1.2 eq 25


Note that in your static the netmask should be 255.255.255.255. This does a one-to-one NAT, which is what you want. Post any other questions you may have.


HTH
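
Added example, not part of the original thread and not Cisco tooling: a Python check that pairs each `static` port redirect with its `access-list` permit and flags a netmask other than 255.255.255.255, run over the commands from the question and from the answer. The function name `check`, the port-name table (a small subset) and the regexes, which cover only the command forms shown in this thread, are assumptions.

```python
import re

# Assumed small subset of port keywords; anything else must be numeric.
PORT_NAMES = {"smtp": 25, "http": 80, "www": 80, "pop3": 110, "https": 443}

STATIC_RE = re.compile(
    r"^static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+) netmask (\S+)$")
ACL_RE = re.compile(
    r"^access-list (\S+) permit tcp any (?:(interface) outside|host (\S+)) eq (\S+)$")

# Commands as posted in the question.
QUESTION_CONFIG = """
access-list OUTSIDE_IN permit tcp any interface outside eq 25
access-group OUTSIDE_IN in interface outside
static (inside,outside) tcp interface http 192.168.1.2 http netmask 255.255.255.0
"""

# Commands as suggested in the answer (1.1.1.2 is the answer's example address).
ANSWER_CONFIG = """
static (inside,outside) tcp 1.1.1.2 25 192.168.1.2 25 netmask 255.255.255.255
access-list OUTSIDE_IN permit tcp any host 1.1.1.2 eq 25
access-group OUTSIDE_IN in interface outside
"""

def port(token):
    """Turn a port keyword or number into an integer."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def check(config):
    """Return findings for mismatched static/ACL pairs in a PIX config."""
    statics, permits, findings = {}, set(), []
    for line in (l.strip() for l in config.splitlines()):
        if m := STATIC_RE.match(line):
            glob, gport, _local, _lport, mask = m.groups()
            statics[(glob, port(gport))] = mask
        elif m := ACL_RE.match(line):
            _name, iface, host, p = m.groups()
            permits.add((iface or host, port(p)))
    for (glob, p), mask in sorted(statics.items()):
        if mask != "255.255.255.255":
            findings.append(f"static {glob}:{p} netmask {mask}, expected 255.255.255.255")
        if (glob, p) not in permits:
            findings.append(f"static {glob}:{p} has no matching ACL permit")
    for glob, p in sorted(permits - set(statics)):
        findings.append(f"ACL permits {glob}:{p} but no static forwards it")
    return findings

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, check(cfg) or "consistent")
```

On the question's commands it reports the netmask and also that the ACL opens port 25 while the static redirects http, so the permitted port and the forwarded port do not line up.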
