
Portmapping all traffic into port range

Hello,

I'm trying to remake this BSD:

map ep0 172.16.0.0/16 -> 216.68.250.60/32 portmap tcp/udp 10000:20000

line says go ahead and map all tcp/udp traffic right on through the interface and assign each outbound "connection" a port from 10000 to 20000

in Cisco PIX configuration. Can someone please tell me how? I'm looking at the documentation and still do not have a clue.

Thank you very much,

Marek

Accepted Solutions
Silver

Portmapping all traffic into port range

First of all, what version are you running on the PIX? Second, I'm not sure who gave you the instruction, but it's a really strange description and you might want to go back to them and tell them I understand English not bla,bla,bla, map ep0 172.16.0.0/16 -> 216.68.250.60/32 portmap tcp/udp 10000:20000.

Julio is right: if you are obligated to translate your 172.16.0.0/24 to 216.68.250.60 when you are destined to anyone on the Internet, then the configuration he last sent you is correct.

access-list In_Out permit tcp 172.16.0.0  255.255.0.0 any range 10000 20000

access-list In_Out permit udp 172.16.0.0 255.255.255.0 any range 10000 20000

nat (inside) 1 access-list In_Out

global (outside) 1 216.68.250.60

FYI: This is a configuration example. If you believe that this could affect your production firewall, please send us the configuration, or just make sure that you don't already have a "nat (inside) 1" by doing a "show run nat" or "show nat" depending on the version.

Details are what make the difference from us giving you the correct answer because if what I stated before this line is not true then we are giving you the incorrect answer.

Please recap with the people that sent you this request.

FYI: Learning takes time so I believe that it is great that you have questions and we are here to help you!!!

Value our effort and rate the assistance!
8 REPLIES

Portmapping all traffic into port range

Hello Marek,

access-list In_Out permit tcp 172.16.0.0  255.255.0.0 any

access-list In_Out permit udp 172.16.0.0 255.255.255.0 any

nat (inside) 1 access-list In_Out

  global (outside) 1 216.68.250.60

Regards,

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Portmapping all traffic into port range

Hello Julio,

but where is that port range in your commands?

Thank you,

Marek

Super Bronze

Portmapping all traffic into port range

Hi,

There is no port range in the above configuration. You said you use PIX which leads me to believe that you are not able to even achieve this. I mean choose the mapped port range with which the hosts will be visible to the external network.

The newer software (which is not supported on PIX) has some possibilities but no clean way to achieve this to my understanding. I think there has been some mention of an Enhancement Request which asks to include an option to choose the port range used for a Dynamic PAT translation.

- Jouni

New Member

Portmapping all traffic into port range

Hi Jouni,

Maybe I don't understand the original; for me it's like: "Take all ports from inside network and remap it to ports 10000-20000 on the outside interface."

Thanks,

Marek
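
The difference between the two readings discussed above, as an added example that is not part of the original thread: the ipf `portmap` rule picks the translated source port from 10000:20000, whereas a port operator placed after the destination in a PIX access-list tests the destination port of the packet. The class and function names are hypothetical, and the sequential allocation is a simplification of what a real NAT engine does.

```python
import ipaddress

# Constructed model of the rule quoted in the question:
#   map ep0 172.16.0.0/16 -> 216.68.250.60/32 portmap tcp/udp 10000:20000
INSIDE_NET = ipaddress.ip_network("172.16.0.0/16")
MAPPED_IP = "216.68.250.60"
PORT_LO, PORT_HI = 10000, 20000


class PortmapNat:
    """Toy source-PAT table: each outbound flow gets a mapped source port from the pool."""

    def __init__(self):
        self.table = {}  # (proto, src_ip, src_port) -> mapped source port
        self.next_port = {"tcp": PORT_LO, "udp": PORT_LO}  # separate port spaces

    def translate(self, proto, src_ip, src_port):
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            return None  # rule does not apply, packet is not rewritten
        key = (proto, src_ip, src_port)
        if key not in self.table:
            port = self.next_port[proto]
            if port > PORT_HI:
                raise RuntimeError("portmap pool exhausted")
            self.table[key] = port
            self.next_port[proto] = port + 1
        return (MAPPED_IP, self.table[key])


def acl_dst_range_matches(src_ip, dst_port):
    """What 'permit tcp 172.16.0.0 255.255.0.0 any range 10000 20000' tests:
    the source network plus the DESTINATION port. It selects which traffic
    the NAT rule applies to, not which mapped source port is used."""
    return (ipaddress.ip_address(src_ip) in INSIDE_NET
            and PORT_LO <= dst_port <= PORT_HI)


def demo():
    nat = PortmapNat()
    web = nat.translate("tcp", "172.16.5.9", 51515)    # client talking to port 443
    dns = nat.translate("udp", "172.16.5.9", 40000)
    again = nat.translate("tcp", "172.16.5.9", 51515)  # same flow keeps its mapping
    return web, dns, again, acl_dst_range_matches("172.16.5.9", 443)
```

In this model a connection to destination port 443 is translated by the `portmap` rule but does not match the access-list with `range 10000 20000`, which is the practical difference to check for before applying either form.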

Portmapping all traffic into port range

Hello Marek,

access-list In_Out permit tcp 172.16.0.0 255.255.0.0 any range 10000 20000

access-list In_Out permit udp 172.16.0.0 255.255.255.0 any range 10000 20000

nat (inside) 1 access-list In_Out

global (outside) 1 216.68.250.60

I mean that is the configuration if the inside devices are the ones initiating the connection.

If that is not what you are looking for then explain yourself.

Regards,

Jcarvaja

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
Silver

Portmapping all traffic into port range

Please update the ticket as resolved or answered so we can close out followup.

Value our effort and rate the assistance!
New Member

Portmapping all traffic into port range

I'm sorry, I've been on vacation. Thank you very much, now it is solved.
