02-22-2009 02:49 AM - edited 03-04-2019 03:40 AM
Hi All,
My ip is 1.1.1.1 this ip is forwarded to my leased line link from SP. Now i want to confgiure this ip with port forwarding in order to point to my server(192.168.1.2) in DMZ. My topology is
Internet--InternetSwitch--Pix515--DMZ
Any Clues for configuration??/
02-23-2009 03:06 AM
As an example we'll port forward http (tcp port 80).
1) if 1.1.1.1 is the outside interface address of your pix
static (dmz,outside) tcp interface 80 192.168.1.2 80 netmask 255.255.255.255
2) if 1.1.1.1 is just a spare address you have
static (dmz,outside) tcp 1.1.1.1 80 192.168.1.2 80 netmask 255.255.255.255
note you need to use the interface name in your configuration so i have assumed your DMZ interface is called dmz ie. static (dmz,outside) .... If it is called something else use that.
You then need to update your acl or create one if you haven't already got one
access-list outside_in permit tcp any host 1.1.1.1 eq 80
access-group outside_in in interface outside
Jon
02-23-2009 03:23 AM
outside_in is it DMZ_outside_in or meant outside_in
02-23-2009 03:31 AM
outside_in is just a name i usually call an acl applied to the outside interface. Doesn't matter what name you use as long as you apply it to the outside interface ie.
access-group
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide