PIX: Port-Redirection problem

Unanswered Question
May 26th, 2008

Hello,


I have to set up two port redirections on our PIX. I need these two redirections:


Outside-IP 212.6.1.1 to SSN 10.10.10.2 for port 443 (HTTPS).


Outside-IP 212.6.1.1 to SSN 10.10.10.253 for port 23 (Telnet).


The access should be possible from any source IP address (not only specific hosts).


I think first I have to add two static routes. I've already got one:

static (SSN,outside) 212.6.1.1 10.10.10.2 netmask 255.255.255.255


But I cannot add a second static route for 10.10.10.253. Any idea what I have to do to get this to work?


Thank you!


m.sir Mon, 05/26/2008 - 01:45

You can use static PAT for that - it means traffic for port 433 will be redirected to 10.10.10.2 and traffic for telnet to 10.10.10.253


static (SSN,outside) tcp 212.6.1.1 443 10.10.10.2 443 netmask 255.255.255.255

static (SSN,outside) tcp 212.6.1.1 23 10.10.10.253 23 netmask 255.255.255.255


M.

Hope that helps; rate if it does.

CNTSYSNETAG Mon, 05/26/2008 - 03:52

Thank you! Do I also have to create access lists, or are these static routes enough to get this to work?

m.sir Mon, 05/26/2008 - 04:01

Yes, you need to permit the traffic with an ACL:

access-list out_in permit tcp any host 212.6.1.1 443

access-list out_in permit tcp any host 212.6.1.1 23

access-group out_in interface outside in

M.

CNTSYSNETAG Mon, 05/26/2008 - 23:55

Hello,


Thank you, but I get the following errors when I try to add the access lists:


access-list out_in permit tcp any host 212.6.1.1 23

^

ERROR: % Invalid input detected at '^' marker.

(Invalid input at "23")


Result of the command: "access-group out_in interface outside in"


access-group out_in interface outside in

^

ERROR: % Invalid input detected at '^' marker.

(Invalid input at "t" from word "interface")
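
Both rejected commands are missing syntax the PIX parser expects: a port in an access-list entry has to be introduced by an operator such as `eq`, and `access-group` takes the direction (`in`) before the `interface` keyword. The corrected configuration follows as an added example that is not part of the original thread; lines beginning with `!` are annotations, and the addresses, interface names and ACL name are the ones used in the posts above.

```cisco
! The one-to-one static from the first post maps every port on 212.6.1.1
! to 10.10.10.2, so it has to go before port-specific entries can share
! that outside address.
no static (SSN,outside) 212.6.1.1 10.10.10.2 netmask 255.255.255.255
clear xlate

! Static PAT: one outside address, inside host chosen by TCP port
static (SSN,outside) tcp 212.6.1.1 443 10.10.10.2 443 netmask 255.255.255.255
static (SSN,outside) tcp 212.6.1.1 23 10.10.10.253 23 netmask 255.255.255.255

! Rejected (port given without an operator):
!   access-list out_in permit tcp any host 212.6.1.1 23
! Accepted ("any" = every source address, as the question requires):
access-list out_in permit tcp any host 212.6.1.1 eq 443
access-list out_in permit tcp any host 212.6.1.1 eq 23

! Rejected (direction placed after the interface name):
!   access-group out_in interface outside in
! Accepted:
access-group out_in in interface outside

! Check the result: ACL entries with hit counters, and active translations
show access-list out_in
show xlate
```

Only one ACL can be bound to an interface per direction, so if the outside interface already has an inbound access-group, add the two permit entries to that existing list instead of binding `out_in`.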
