Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Can I do this - NAT / Static mapping

Hi

I would like some help with the following on a PIX.

Currently we have the following -

name 10.2.1.10 XSERVER

static (inside,outside) 192.168.3.1 XSERVER netmask 255.255.255.255

access-list inside_access_in extended permit tcp host XSERVER eq smtp any

access-list inside_access_in extended permit tcp host XSERVER any eq www

access-list inside_access_in extended permit tcp host XSERVER any eq https

access-list inside_access_in extended permit tcp host XSERVER host BWEB eq www

access-list inside_access_in extended permit tcp host XSERVER host BWEB eq https

access-list inside_access_in extended permit tcp host XSERVER any eq 8080

Can we direct anything that comes into 192.168.3.1 on port 80 (only) to the following server ?

name 10.0.1.50 YSERVER

2 REPLIES
Green

Re: Can I do this - NAT / Static mapping

Yes but you have to do it this way

static (inside,outside) tcp 192.168.3.1 smtp XSERVER smtp netmask 255.255.255.255

static (inside,outside) tcp 192.168.3.1 8080 XSERVER 8080 netmask 255.255.255.255

static (inside,outside) tcp 192.168.3.1 https XSERVER https netmask 255.255.255.255

static (inside,outside) tcp 192.168.3.1 www YSERVER www netmask 255.255.255.255

I'm confused by your acl as well. Is this traffic coming from the outside?

Community Member

Re: Can I do this - NAT / Static mapping

Yes its from outside - I kind of inherited this PIX so its a bit of a mess really !

Thanks for your help, I will try it tomorrow.

234
Views
0
Helpful
2
Replies
CreatePlease to create content