
PIX515 port forward

sohaildxbfze
Level 1

Hi All,

My IP is 1.1.1.1; this IP is forwarded to my leased line link from the SP. Now I want to configure this IP with port forwarding in order to point to my server (192.168.1.2) in the DMZ. My topology is:

Internet--InternetSwitch--Pix515--DMZ

Any clues for configuration?

Accepted Solutions

husycisco
Level 7

Hello Sohail,

Here is an example for TCP 80 port forwarding, considering that you properly configured the outside interface IP as 1.1.1.1:

static (dmz,outside) tcp interface 80 192.168.1.2 80

access-list outside_access_in permit tcp any interface outside eq 80

access-group outside_access_in in interface outside

Regards


sohaildxbfze
Level 1

I want to elaborate more.

My public IP is 1.1.1.1/24. Out of this /24 I want to use, let's say, 1.1.1.2 as forwarding to my DMZ 192.168.1.2 server with any port, so 1.1.1.2 will not be used on any host, just a forwarder. Then 192.168.1.2 should also be NATted as 1.1.1.2 to the Internet; also 192.168.1.2 will access my inside server farm 192.168.3.x network.

Appreciate your answer.

"My public IP is 1.1.1.1/24. Out of this /24 I want to use, let's say, 1.1.1.2 as forwarding to my DMZ 192.168.1.2 server with any port, so 1.1.1.2 will not be used on any host, just a forwarder. Then 192.168.1.2 should also be NATted as 1.1.1.2 to the Internet"

The config below will achieve what you want above:

static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255

But I didn't understand this part:

"also 192.168.1.2 will access my inside server farm 192.168.3.x network "

Ignore that part, it was pasted by mistake.

I created the static as you told me.

Then I created:

access-list acl_outside_in permit ip any host 1.1.1.2

When I tried to ping 1.1.1.2, I wasn't able to capture anything. I can reach only my WAN IP.

For ping, you should include:

access-list acl_outside_in permit icmp any host 1.1.1.2 echo
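
An added example, not part of the thread and not Cisco code: a small Python check that flags two things worth reviewing in a config like the one discussed above, namely an access list that no `access-group` line applies to an interface, and a `permit ip any host` entry toward a statically mapped address, which opens every port of the DMZ server. The sample config is constructed from the commands quoted in the thread, and the `audit` helper is hypothetical.

```python
import re

# Constructed sample: commands quoted in the thread, combined into one config
# (the access-list keyword is written out in full on every ACL line).
SAMPLE_CONFIG = """\
static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq 80
access-group outside_access_in in interface outside
access-list acl_outside_in permit ip any host 1.1.1.2
access-list acl_outside_in permit icmp any host 1.1.1.2 echo
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(rf"^static \(\w+,\w+\) {IP} {IP}")   # one-to-one statics only
PERMIT_RE = re.compile(rf"^access-list \S+ permit (\S+) any host {IP}")
ACL_RE = re.compile(r"^access-list (\S+) ")
GROUP_RE = re.compile(r"^access-group (\S+) in interface \S+")


def audit(config):
    """Hypothetical helper (not a Cisco tool): list findings for a PIX-style config."""
    statics, entries, bound = {}, [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)        # public address -> real address
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))                   # ACL applied to an interface
        elif m := ACL_RE.match(line):
            entries.append((m.group(1), line))
    findings = []
    for name in sorted({n for n, _ in entries} - bound):
        findings.append(f"UNBOUND {name}: no access-group applies this list to an interface")
    for name, line in entries:
        m = PERMIT_RE.match(line)
        if m and m.group(1) == "ip" and m.group(2) in statics:
            findings.append(f"BROAD {name}: any source, all protocols and ports, to "
                            f"{m.group(2)} (static to {statics[m.group(2)]})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A config that permits only the required service to 1.1.1.2 and applies that list with `access-group ... in interface outside` produces no findings.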
