Cisco Support Community
New Member

No traffic passing over an inbound port redirection

The setup: PIX 501 with 1 public IP, 10 internal IPs.

Trying to redirect http://public_ip:85 to internal webserver port 80.

I used static and access-list to do the port redirection.

access-list acl_out permit tcp any host 1.2.3.4 eq 85 (hitcnt=6)

static (inside,outside) tcp interface 85 192.168.1.100 www netmask 255.255.255.255 0 0

When trying to access http://public_ip:85 from externally...

show xlate is ...

PAT Global 1.2.3.4(85) Local 192.168.1.100(80)

show conn is ...

TCP out 12.225.151.29:16745 in 192.168.1.190:80 idle 0:00:03 Bytes 0 flags SaAB

Any help would be appreciated. I believe everything is configured correctly; there is just no data moving back and forth. Thanks.

3 REPLIES
New Member

Re: No traffic passing over an inbound port redirection

Hi.

> TCP out 12.225.151.29:16745 in 192.168.1.190:80 idle 0:00:03 Bytes 0 flags SaAB

As you can see here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/s.htm#1026157

The "flags SaAB" tells us that this is an embryonic connection - the external host has sent his SYN, but the internal host didn't respond.

This means - check the web server configuration.

Is port 80 open at the server?

Check the default gateway of the server - should be the pix inside.

Yizhar
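
Added example, not part of the original thread: a small Python parser that applies the flag reading from the answer above to `show conn` TCP lines and picks out inbound connections where the firewall has forwarded the outside SYN but seen nothing back from the inside host. The flag meanings are the subset of Cisco's `show conn` flag legend that covers the TCP handshake; the function names and the second and third sample lines are constructed for illustration.

```python
import re

# Handshake-related subset of the PIX "show conn" flag legend.
FLAG_MEANING = {
    "S": "awaiting inside SYN",
    "s": "awaiting outside SYN",
    "A": "awaiting inside ACK to SYN",
    "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside",
    "U": "up",
}

CONN_RE = re.compile(
    r"TCP out (?P<outside>\S+) in (?P<inside>\S+) idle (?P<idle>\S+) "
    r"Bytes (?P<bytes>\d+) flags (?P<flags>\S+)"
)

def diagnose(line):
    """Return (inside_endpoint, verdict) for one TCP 'show conn' line, or None."""
    m = CONN_RE.search(line)
    if not m:
        return None
    flags = set(m["flags"])
    inbound = "B" in flags  # connection was opened from the outside
    if "U" in flags:
        verdict = "established"
    elif inbound and "S" in flags:
        # Outside SYN was forwarded; the PIX has seen no reply from inside.
        verdict = "embryonic: no reply from inside host"
    elif inbound and "a" in flags:
        verdict = "embryonic: inside replied, awaiting outside ACK"
    else:
        verdict = "embryonic"
    return m["inside"], verdict

def stalled_inbound(lines):
    """Inside endpoints whose inbound connections never got a server reply."""
    hits = (diagnose(l) for l in lines)
    return sorted({h[0] for h in hits if h and h[1].endswith("inside host")})

SAMPLE = [
    # First line is the one posted in the thread; the rest are constructed.
    "TCP out 12.225.151.29:16745 in 192.168.1.190:80 idle 0:00:03 Bytes 0 flags SaAB",
    "TCP out 203.0.113.7:40112 in 192.168.1.100:80 idle 0:00:01 Bytes 5120 flags UIOB",
    "TCP out 203.0.113.9:51200 in 192.168.1.100:80 idle 0:00:02 Bytes 0 flags aB",
]

if __name__ == "__main__":
    for endpoint in stalled_inbound(SAMPLE):
        print(endpoint, "-> check listener, host firewall and default gateway")
```

An endpoint reported here has received a SYN the firewall never saw answered, which matches the checks suggested in the answer: whether the port is open on the server and whether its default gateway points at the PIX inside interface.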

New Member

Re: No traffic passing over an inbound port redirection

Hi Yizhar,

Thanks very much, this fixed it. The internal webserver had a default gateway of 0.0.0.0. How'd you get so smart?

Re: No traffic passing over an inbound port redirection

Hi,

Just to make sure: did you apply the access-list to the outside interface?

If not, use this command:

access-group acl_out in interface outside

Hope this helps.

Kind Regards,

Tom
