PIX515 port forward

Answered Question
Feb 22nd, 2009

Hi All,

My IP is 1.1.1.1; this IP is forwarded to my leased line link from the SP. Now I want to configure this IP with port forwarding in order to point to my server (192.168.1.2) in the DMZ. My topology is:


Internet--InternetSwitch--Pix515--DMZ


Any clues for the configuration?

Correct Answer
husycisco Sun, 02/22/2009 - 09:13

Hello Sohail,

Here is an example for TCP 80 port forwarding, considering that you have properly configured the outside interface IP as 1.1.1.1:


static (dmz,outside) tcp interface 80 192.168.1.2 80

access-list outside_access_in permit tcp any interface outside eq 80

access-group outside_access_in in interface outside


Regards

sohaildxbfze Sun, 02/22/2009 - 10:10

I want to elaborate more.


My public IP is 1.1.1.1/24. Out of this /24 I want to use, let's say, 1.1.1.2 as a forwarder to my DMZ server 192.168.1.2 on any port, so 1.1.1.2 will not be used on any host, just as a forwarder. Then 192.168.1.2 should also be NATed as 1.1.1.2 to the Internet. Also, 192.168.1.2 will access my inside server farm, the 192.168.3.x network.

Appreciate your answer.

husycisco Sun, 02/22/2009 - 13:28

"My public IP is 1.1.1.1/24. Out of this /24 I want to use, let's say, 1.1.1.2 as a forwarder to my DMZ server 192.168.1.2 on any port, so 1.1.1.2 will not be used on any host, just as a forwarder. Then 192.168.1.2 should also be NATed as 1.1.1.2 to the Internet."

The config below will achieve what you want above:


static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255


But I didn't understand this part:

"Also, 192.168.1.2 will access my inside server farm, the 192.168.3.x network."

sohaildxbfze Mon, 02/23/2009 - 07:13

Ignore that part, it was pasted by mistake.

I created the static as you told me.

Then I created:


access-list acl_outside_in permit ip any host 1.1.1.2

When I tried to ping 1.1.1.2, I wasn't able to capture anything. I can reach only my WAN IP.

husycisco Mon, 02/23/2009 - 09:59

For ping, you should include:

access-list acl_outside_in permit icmp any host 1.1.1.2 echo
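
The one-to-one static combined with `permit ip any host 1.1.1.2` from this thread opens every port on 192.168.1.2 to any Internet source. As an added example (not part of the original posts), this Python check flags that pattern in a PIX config; the merged sample config, the `access-group` binding for `acl_outside_in`, and the function name `audit` are assumptions, and only `any` sources with `host`/`interface` destinations are parsed.

```python
import re

# Constructed sample: the commands posted in this thread merged under one ACL
# name; the access-group line for acl_outside_in is an assumption.
SAMPLE = """\
static (dmz,outside) tcp interface 80 192.168.1.2 80
static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255
access-list acl_outside_in permit tcp any interface outside eq 80
access-list acl_outside_in permit ip any host 1.1.1.2
access-list acl_outside_in permit icmp any host 1.1.1.2 echo
access-group acl_outside_in in interface outside
"""

# static (real_if,mapped_if) [tcp|udp mapped port | mapped] real ...
STATIC = re.compile(r"^static \((\w+),(\w+)\) (?:(tcp|udp) (\S+) (\S+)|(\S+)) (\S+)")
# access-list <id> permit <proto> any {host <ip> | interface <if>} [qualifier]
ACE = re.compile(r"^access-list (\S+) permit (\S+) any (?:host (\S+)|interface (\w+))(?: (.+))?$")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")


def audit(config):
    """Return (mapped_ip, real_ip, acl) for each one-to-one static whose mapped
    address is permitted from any source for every IP protocol and port."""
    lines = [line.strip() for line in config.splitlines()]
    bound = {}  # interface name -> ACL applied inbound on it
    for line in lines:
        if m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)
    findings = []
    for line in lines:
        s = STATIC.match(line)
        if not s or s.group(3):  # skip non-static lines and single-port redirects
            continue
        mapped_if, mapped_ip, real_ip = s.group(2), s.group(6), s.group(7)
        acl = bound.get(mapped_if)
        for a in map(ACE.match, lines):
            # "permit ip any host <mapped>" with no port qualifier exposes the host
            if (a and a.group(1) == acl and a.group(2) == "ip"
                    and a.group(3) == mapped_ip and not a.group(5)):
                findings.append((mapped_ip, real_ip, acl))
    return findings


if __name__ == "__main__":
    for mapped, real, acl in audit(SAMPLE):
        print(f"{acl}: any source can reach all ports on {real} via {mapped}")
```

Replacing the flagged entry with per-service entries such as `permit tcp any host 1.1.1.2 eq 80` clears the finding while keeping the static translation in place.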
