02-22-2009 02:50 AM - edited 03-11-2019 07:54 AM
Hi All,
My ip is 1.1.1.1 this ip is forwarded to my leased line link from SP. Now i want to confgiure this ip with port forwarding in order to point to my server(192.168.1.2) in DMZ. My topology is
Internet--InternetSwitch--Pix515--DMZ
Any Clues for configuration??/
Solved! Go to Solution.
02-22-2009 09:13 AM
Hello Sohail,
Here is an example for tcp 80 port forwarding. Considering that you properly configured outside interface IP as 1.1.1.1
static (dmz,outside) tcp interface 80 192.168.1.2 80
access-list outside_access_in permit tcp any interface outside eq 80
access-group outside_access_in in interface outside
Regards
02-22-2009 09:13 AM
Hello Sohail,
Here is an example for tcp 80 port forwarding. Considering that you properly configured outside interface IP as 1.1.1.1
static (dmz,outside) tcp interface 80 192.168.1.2 80
access-list outside_access_in permit tcp any interface outside eq 80
access-group outside_access_in in interface outside
Regards
02-22-2009 10:10 AM
I want to elaborate more.
my public ip is 1.1.1.1/24, out of this /24 i want to use lets say 1.1.1.2 as forwarding to my dmz 192.168.1.2 server with any port, so 1.1.1.2 will not be used on any host just a forwarder. Then 192.168.1.2 shld also be natted as 1.1.1.2 to internet, also 192.168.1.2 will access my inside server farm 192.168.3.x network
Appreciate ur ans..
02-22-2009 01:28 PM
"my public ip is 1.1.1.1/24, out of this /24 i want to use lets say 1.1.1.2 as forwarding to my dmz 192.168.1.2 server with any port, so 1.1.1.2 will not be used on any host just a forwarder. Then 192.168.1.2 shld also be natted as 1.1.1.2 to internet"
Below config will achieve what you want above
static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255
But I didnt understand this part
"also 192.168.1.2 will access my inside server farm 192.168.3.x network "
02-23-2009 07:13 AM
ignore that part, wz pasted by mistake,
i craeted static as u told.
then created
acl_outside_in permit ip any host 1.1.1.2
when tried to ping 1.1.1.2 didnt able to capture anything.. i can reach only to my wan ip
02-23-2009 09:59 AM
For ping, you should include
acl_outside_in permit icmp any host 1.1.1.2 echo
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: