Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

PIX port forward

I have a Pix 515e that I need to forward a port. this should be a simple task but for some reason it is not working. I have attached my config file

I need to forward FTP to mcs-sbs01 I have the nat setup in the config I attached it has ** above and below it to help you find it.

I can't seem to get an access rule that allows traffic through.

3 REPLIES
Silver

Re: PIX port forward

Is your static nat outside ip address related to the outside interface ip?

ip address outside ******.194 255.255.255.192

static (inside,outside) tcp 65.23.46.194 ftp mcs-sbs01 ftp netmask 255.255.255.255 0 0

If so you need to make a small change on the static statement, instead of putting the ip address of the outside interface use the keyword interface

static (inside,outside) tcp interface ftp mcs-sbs01 ftp netmask 255.255.255.255 0 0

HTH

Hoogen

Do rate if this post helps :)

New Member

Re: PIX port forward

The outside interface has multiple addresses, i got the normal ftp (21) working going to add a ACL for ftp-data(20) and see if passive mode works

New Member

Re: PIX port forward

adding an ACL for port 20 did not fix my data port error on FTP

if I add the following two ACL's will this fix my problem?

access-list inside_access_in permit host 192.168.1.221 eq ftp any established

access-list inside_access_in permit host 192.168.1.221 eq ftp-data any established

142
Views
0
Helpful
3
Replies
CreatePlease to create content