PortForwarding in PIX515

Unanswered Question
Feb 22nd, 2009
User Badges:

Hi All,

My ip is 1.1.1.1 this ip is forwarded to my leased line link from SP. Now i want to confgiure this ip with port forwarding in order to point to my server(192.168.1.2) in DMZ. My topology is


Internet--InternetSwitch--Pix515--DMZ


Any Clues for configuration??/

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 02/23/2009 - 03:06
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

As an example we'll port forward http (tcp port 80).


1) if 1.1.1.1 is the outside interface address of your pix


static (dmz,outside) tcp interface 80 192.168.1.2 80 netmask 255.255.255.255


2) if 1.1.1.1 is just a spare address you have


static (dmz,outside) tcp 1.1.1.1 80 192.168.1.2 80 netmask 255.255.255.255


note you need to use the interface name in your configuration so i have assumed your DMZ interface is called dmz ie. static (dmz,outside) .... If it is called something else use that.


You then need to update your acl or create one if you haven't already got one


access-list outside_in permit tcp any host 1.1.1.1 eq 80


access-group outside_in in interface outside


Jon

Jon Marshall Mon, 02/23/2009 - 03:31
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

outside_in is just a name i usually call an acl applied to the outside interface. Doesn't matter what name you use as long as you apply it to the outside interface ie.


access-group in inteface outside


Jon

Actions

This Discussion