cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
434
Views
0
Helpful
2
Replies

Can I do this - NAT / Static mapping

ross.morrison
Level 1
Level 1

Hi

I would like some help with the following on a PIX.

Currently we have the following -

name 10.2.1.10 XSERVER

static (inside,outside) 192.168.3.1 XSERVER netmask 255.255.255.255

access-list inside_access_in extended permit tcp host XSERVER eq smtp any

access-list inside_access_in extended permit tcp host XSERVER any eq www

access-list inside_access_in extended permit tcp host XSERVER any eq https

access-list inside_access_in extended permit tcp host XSERVER host BWEB eq www

access-list inside_access_in extended permit tcp host XSERVER host BWEB eq https

access-list inside_access_in extended permit tcp host XSERVER any eq 8080

Can we direct anything that comes into 192.168.3.1 on port 80 (only) to the following server ?

name 10.0.1.50 YSERVER

2 Replies 2

acomiskey
Level 10
Level 10

Yes but you have to do it this way

static (inside,outside) tcp 192.168.3.1 smtp XSERVER smtp netmask 255.255.255.255

static (inside,outside) tcp 192.168.3.1 8080 XSERVER 8080 netmask 255.255.255.255

static (inside,outside) tcp 192.168.3.1 https XSERVER https netmask 255.255.255.255

static (inside,outside) tcp 192.168.3.1 www YSERVER www netmask 255.255.255.255

I'm confused by your acl as well. Is this traffic coming from the outside?

Yes its from outside - I kind of inherited this PIX so its a bit of a mess really !

Thanks for your help, I will try it tomorrow.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: