PIX515 port forward

Hi All,

My IP is 1.1.1.1; this IP is forwarded to my leased line link from the SP. Now I want to configure this IP with port forwarding in order to point to my server (192.168.1.2) in the DMZ. My topology is:

Internet--InternetSwitch--Pix515--DMZ

Any clues for the configuration?

1 ACCEPTED SOLUTION

Re: PIX515 port forward

Hello Sohail,

Here is an example of TCP port 80 forwarding, assuming that you have properly configured the outside interface IP as 1.1.1.1:

static (dmz,outside) tcp interface 80 192.168.1.2 80

access-list outside_access_in permit tcp any interface outside eq 80

access-group outside_access_in in interface outside

Regards

Re: PIX515 port forward

I want to elaborate more.

My public IP is 1.1.1.1/24. Out of this /24 I want to use, let's say, 1.1.1.2 as a forwarder to my DMZ server 192.168.1.2 on any port, so 1.1.1.2 will not be used on any host, just as a forwarder. Then 192.168.1.2 should also be NATed as 1.1.1.2 to the internet. Also, 192.168.1.2 will access my inside server farm, the 192.168.3.x network.

Appreciate your answer.

Re: PIX515 port forward

"My public IP is 1.1.1.1/24. Out of this /24 I want to use, let's say, 1.1.1.2 as a forwarder to my DMZ server 192.168.1.2 on any port, so 1.1.1.2 will not be used on any host, just as a forwarder. Then 192.168.1.2 should also be NATed as 1.1.1.2 to the internet."

The config below will achieve what you want above:

static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255

But I didn't understand this part:

"also 192.168.1.2 will access my inside server farm 192.168.3.x network "

Re: PIX515 port forward

Ignore that part, it was pasted by mistake.

I created the static as you told me.

Then I created:

acl_outside_in permit ip any host 1.1.1.2

When I tried to ping 1.1.1.2, I wasn't able to capture anything. I can reach only my WAN IP.

Re: PIX515 port forward

For ping, you should include

access-list acl_outside_in permit icmp any host 1.1.1.2 echo
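
An added example, not part of any post in this thread: a small Python audit that reads the commands discussed above as one config and flags two things a reviewer would check, an ACL that is never applied with access-group and a "permit ip any" entry aimed at a one-to-one static address. The sample configs are constructed from the thread's commands, and TCP 80 in the hardened variant is an assumption taken from the first answer.

```python
import re

# Constructed sample: the thread's commands assembled into one config (not a device dump).
SAMPLE_CONFIG = """\
static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255
access-list acl_outside_in permit ip any host 1.1.1.2
access-list acl_outside_in permit icmp any host 1.1.1.2 echo
"""

# Constructed hardened variant: only the needed service (TCP 80 is an assumption)
# plus ICMP echo, and the ACL is bound to the outside interface.
HARDENED_CONFIG = """\
static (dmz,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255
access-list acl_outside_in permit tcp any host 1.1.1.2 eq 80
access-list acl_outside_in permit icmp any host 1.1.1.2 echo
access-group acl_outside_in in interface outside
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(r"^static \(\w+,\w+\) " + IP + " " + IP)   # one-to-one static only
ACE_RE = re.compile(r"^access-list (\S+) permit (\S+) any host " + IP)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config):
    """Return a sorted list of findings for a PIX-style config text."""
    statics, aces, bound = {}, [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)   # public address -> real address
        elif m := ACE_RE.match(line):
            aces.append(m.groups())            # (ACL name, protocol, destination)
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))
    findings = set()
    for name, proto, dest in aces:
        if name not in bound:
            findings.add(f"ACL {name} is not applied to any interface (no access-group)")
        if proto == "ip" and dest in statics:
            findings.add(f"ACL {name} permits all IP from any to {dest} "
                         f"(static for {statics[dest]}); restrict to needed ports")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print(audit(HARDENED_CONFIG))
```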
