Forwarding incoming udp traffic to a specific internal address on PIX

dmepix · ‎05-20-2003

My question is: How to forward udp port 3283 to a single internal ip address on the PIX 515? This is to allow an internal client to connect to an Apple X-Serve via Apple Remote Desktop.

mostiguy · ‎05-20-2003

It depends. Are you using nat, or not?

Post your whole config, minus the password lines.

dmepix · ‎05-20-2003

Yes I am using nat. I figured there was a command set I wasn't aware of.

Which part of the config would you like to see? I'm required to keep part of it confidential.

mhoda · ‎05-20-2003

Hi,

Do you have a public ip address to translate to Apple X-Serve? If so, here is what you can configure:

static (inside, outside) External_IP Internal_IP

If you don't have any public routable ip then, you can use the outside interface ip address of the PIX to configure port redirection.

static (inside,outside) udp interface 3283 Internal_IP 3283

You need to allow the traffic from outside to inside as follows:

access-list 101 permit udp any host interface_ip/public_ip eq 3283

Then apply it to the outside interface of PIX:

access-group 101 in interface outside

Please let me know if you have any question. Thanks,

Mynul

mhoda · ‎05-20-2003

Please refer to the following link for more details:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml#topic9

Thanks,

Mynul

dmepix · ‎05-21-2003

The static command is exactly what I needed to see. It works now. The documentaiton also proved to be a very good resource. Thank you for your help.