02-12-2009 05:57 AM - edited 02-21-2020 03:17 AM
Hi all,
I think I know the answer to this but I will try anyway. I support a PIX 506E ver 6.1(4) (yes, I know it's old), which has been fine for what it needs to do for the last several years. However, I now need to open a range of ports to a host on the internal network. I know how to set up a mapping for a small number of ports (I use access-lists and static in,out), however I cannot see if there is a way to include a range of ports in the static command. Is this possible? If not, is there another way that could be used? I've used the range command in the access-list but cannot see how to tie this into a static command. There is no current maintenance on this PIX.
I can provide a listing if required. I've done a google for various ideas but nothing comes up apart from the obvious upgrade solution.
02-12-2009 09:29 AM
Unfortunately, not even by upgrading your PIX will you be able to tie a range of ports to a single static entry. You will need to use static port mapping for each of the ports in the range.
02-12-2009 02:12 PM
Thanks for the reply. I'm not sure I fully understand it though. There must be a way of port forwarding a range of ports other than by access-list and static mapping to particular internal hosts. I know PIX ver 6.3 has object-groups (?) that can be used. All I want to do is port forward a very large number of ports to one particular host (in the order of 10000).
02-12-2009 02:18 PM
Sorry, I wish I could give you another answer. There is no way to do a port forward via a static for a range of ports other than adding each port with the static port map:
http://www.cisco.com/en/US/docs/security/pix/pix61/command/reference/s.html#wp1026694
Your best option would be to just create a one-to-one translation, which will cover all of the ports in the range.
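
The one-to-one translation suggested above, sketched as an added example that is not part of the original replies: the static maps every port of the inside host, so the access-list with `range` is what keeps the exposure to the ports actually wanted. The addresses, port range and ACL name are constructed placeholders, and the sketch assumes a spare outside address is available for the host.

```text
: Constructed values (assumptions, not from the thread):
:   203.0.113.10  = spare outside (global) address
:   192.168.1.10  = inside host
:   20000-29999   = wanted TCP port range
:   acl_out       = access-list bound to the outside interface

: One-to-one translation: on its own this maps ALL ports of the inside host.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0

: The access-list is what limits inbound traffic to the wanted range.
access-list acl_out permit tcp any host 203.0.113.10 range 20000 29999
access-group acl_out in interface outside

: For comparison, the per-port form from the linked command reference
: needs one line like this for every port in the range:
: static (inside,outside) tcp 203.0.113.10 20000 192.168.1.10 20000 netmask 255.255.255.255 0 0
```

Anything not permitted by the access-list is dropped by its implicit deny, so only the listed range reaches the host. If an access-list is already bound to the outside interface, add the permit line to that list rather than binding a second one.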