Port Forwarding

Hi there!

We are trying to configure a PIX 506E firewall to redirect outside traffic to an inside machine.

We're using the following commands:

static (inside,outside) tcp 82.173.121.53 1417 192.168.10.137 1417 netmask 255.255.255.255

static (inside,outside) tcp 82.173.121.53 1418 192.168.10.137 1418 netmask 255.255.255.255

static (inside,outside) tcp 82.173.121.53 1419 192.168.10.137 1419 netmask 255.255.255.255

static (inside,outside) tcp 82.173.121.53 1420 192.168.10.137 1420 netmask 255.255.255.255

static (inside,outside) udp 82.173.121.53 407 192.168.10.137 407 netmask 255.255.255.255

access-list outside-inbound permit tcp any interface outside eq 1417

access-list outside-inbound permit tcp any interface outside eq 1418

access-list outside-inbound permit tcp any interface outside eq 1419

access-list outside-inbound permit tcp any interface outside eq 1420

access-list outside-inbound permit udp any interface outside eq 407

access-group outside-inbound in interface outside

We can see received packets in the hit count of the access list, but only UDP, and we can't connect anyway.

access-list outside-inbound line 1 permit tcp any interface outside eq 1417 (hitcnt=0)

access-list outside-inbound line 2 permit tcp any interface outside eq 1418 (hitcnt=0)

access-list outside-inbound line 3 permit tcp any interface outside eq 1419 (hitcnt=0)

access-list outside-inbound line 4 permit tcp any interface outside eq 1420 (hitcnt=0)

access-list outside-inbound line 5 permit udp any interface outside eq 407 (hitcnt=1)

Thanks,

David

2 REPLIES

Re: Port Forwarding

Hi,

Please paste the relevant part of the config that would include: inside access lists, NAT and the global statement.

Raj


Re: Port Forwarding

Hello Raj,

Here are all the ACLs:

access-list inside_access_in permit ip 192.168.10.0 255.255.255.0 any

access-list inside_access_in permit ip 192.168.20.0 255.255.255.0 any

access-list inside_access_in permit ip 192.168.40.0 255.255.255.0 any

access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list inside_outbound_nat0_acl permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list outside_cryptomap_100 permit ip host mvxapp host 10.23.125.185

access-list acl_intentia_ipsec permit ip 10.23.125.184 255.255.255.248 host intentia-host

access-list static-intentia-srv1 permit ip host mvxapp host intentia-host

access-list static-intentia-srv2 permit ip host 192.168.10.12 host intentia-host

access-list nat-intentia-srv1 permit ip host mvxapp host intentia-host

access-list nat-intentia-srv2 permit ip host 192.168.10.12 host intentia-host

access-list split-labicer-admin permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list split-labicer-admin permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list acl_valorceram_ipsec permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list acl_valorceram_ipsec permit ip 192.168.40.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list outside-inbound permit tcp any interface outside eq 1417

access-list outside-inbound permit tcp any interface outside eq 1418

access-list outside-inbound permit tcp any interface outside eq 1419

access-list outside-inbound permit tcp any interface outside eq 1420

access-list outside-inbound permit udp any interface outside eq 407

Here are the NAT and global statements:

global (outside) 5 10.23.125.185

global (outside) 6 10.23.125.186

global (outside) 10 interface

global (outside) 7 10.23.125.187

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 5 access-list nat-intentia-srv1 0 0

nat (inside) 6 access-list nat-intentia-srv2 0 0

nat (inside) 10 192.168.10.0 255.255.255.0 0 0
