PIX-501 Port Forward and Client VPN Question

philip.tsang · ‎06-14-2003

Dear all

We are using PIX-501 and one Web Server. How can i forward TCP Port 80 to my web server ?

And i am using Cisco VPN Client 3.63b, but i lost the download link, could you tell me again the link ? and have any page introduce more detail about vpn connecting of PIX-501 and Cisco VPN Client , such as document, sample .. etc.

Thanks you for your help

Philip

gfullage · ‎06-15-2003

Assuming you have only one IP address, and that IP address is used on your outside interface, the following will map TCP port 80 on that IP address to your nternal server at 10.1.1.1:

> static (inside,outside) tcp interface 80 10.1.1.1 80 netmask 255.255.255.0

Then you need to add a access-list to allow connections into that address with:

> access-list inbound permit tcp any interface outside 80

> access-group inbound in interface outside

Note you need to be running 6.3 code on the PIX to use the "interface outside" keyword in an access-list. If you get a static IP address on your outside interface from your ISP, then you can replace the "interface outside" keywords above with "host x.x.x.x", where x.x.x.x is your outside IP address.

The VPN client is available from here:

http://www.cisco.com/kobayashi/sw-center/vpn/client/

And a sample config is here:

http://www.cisco.com/warp/public/110/pix3000.html

Command reference for the "vpngroup" command is here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524