PortForwarding in PIX515

sohaildxbfze · ‎02-22-2009

Hi All,

My ip is 1.1.1.1 this ip is forwarded to my leased line link from SP. Now i want to confgiure this ip with port forwarding in order to point to my server(192.168.1.2) in DMZ. My topology is

Internet--InternetSwitch--Pix515--DMZ

Any Clues for configuration??/

Jon Marshall · ‎02-23-2009

As an example we'll port forward http (tcp port 80).

1) if 1.1.1.1 is the outside interface address of your pix

static (dmz,outside) tcp interface 80 192.168.1.2 80 netmask 255.255.255.255

2) if 1.1.1.1 is just a spare address you have

static (dmz,outside) tcp 1.1.1.1 80 192.168.1.2 80 netmask 255.255.255.255

note you need to use the interface name in your configuration so i have assumed your DMZ interface is called dmz ie. static (dmz,outside) .... If it is called something else use that.

You then need to update your acl or create one if you haven't already got one

access-list outside_in permit tcp any host 1.1.1.1 eq 80

access-group outside_in in interface outside

Jon

sohaildxbfze · ‎02-23-2009

outside_in is it DMZ_outside_in or meant outside_in

Jon Marshall · ‎02-23-2009

outside_in is just a name i usually call an acl applied to the outside interface. Doesn't matter what name you use as long as you apply it to the outside interface ie.

access-group in inteface outside

Jon