Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
0
Helpful
3
Replies

Need help with Pix 515E 6.3(5)

dfernandez
Level 1
Level 1

‎02-01-2006 09:24 AM - edited ‎02-21-2020 12:41 AM

Hi,

Sorry for my very bad english. ¿Spanish support?

PIX 515E 6.3(5)

outside: 172.19.16.1

inside: 10.3.1.1

router to internet: 172.19.16.2

The internet router forward all ports to pix outside interface.

I need to configure a "public terminal server" with ip address 10.3.1.3.

How I configure PIX to port forwarding traffic on port 3389 to 10.3.1.3?

Thanks.

Diego Fernández

0 Helpful
3 Replies 3

mpalardy
Level 3
Level 3

‎02-01-2006 11:56 AM

!Hola! Sinor Fernandez,

To access TS from outside, in order you will need to configure the pix just like this:

1-Make a publication of your internal host to the outside interface. Make sure 10.3.1.3 is routable from the outside router.

static (inside, outside) 10.3.1.3 10.3.1.3 netmask 255.255.255.255

2-Add an ACL to permit traffic going from the outside intf to the inside network

access-list outside permit tcp any host 10.3.1.3 eq 3389

3-Bind the outside access-list to the outside intf

access-group outside in interface outside

There's information under these links:

Access-list configuration guide

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755

Static configuration guide

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

!HL!

Mike

0 Helpful

dfernandez
Level 1
Level 1
In response to mpalardy

‎02-02-2006 05:29 AM

Sorry, the config no run.

If the internet router forward port 3389 to 10.3.1.3 I can connect to server, because de internet router is forwarding all traffic to interface outside (172.19.16.1).

I need configure PIX for forwarding traffice on port 3389 to 10.3.1.3

¿How to NAPT port 3389 to 10.3.1.3?

Very thanks.

0 Helpful

mpalardy
Level 3
Level 3
In response to dfernandez

‎02-02-2006 08:09 AM

To help you, here's 2 samples from Cisco web site regarding port forwarding.

1)The static command provides the translation for Telnet. The nat and global commands provide PAT for all other outbound connections from the server.

If you have a separate translation for all inside traffic that uses a different global address, you can still configure the Telnet server to use the same address as the static statement by creating a more exclusive nat statement just for that server. Because nat statements are read for the best match, more exclusive nat statements are matched before general statements.

static (inside,outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255

nat (inside) 1 10.1.1.15 255.255.255.255

global (outside) 1 10.1.2.14 netmask 255.255.255.255

nat (inside) 2 0.0.0.0 0.0.0.0

global (outside) 2 10.1.2.78 netmask 255.255.255.255

2)To translate a well-known port (80) to another port (8080), enter:

static (inside,outside) tcp 10.1.2.45 80 10.1.1.16 8080 netmask 255.255.255.255

HTH

Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card