Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

pix multiple port re-direct sanity check

Am I correct in my findings that it is not possible to configure an external ip addresses on two different ports say 80 and 8081 re-directing to a single inside address port 80. Pix generates "overlap" errors when attempting to configure this. Background info - the application running on port 80 on the inside is not accessed by a browser. All comments welcome - especially work-arounds. Config excerpts can be provided on request.

Barry.

  • Other Security Subjects
4 REPLIES
Gold

Re: pix multiple port re-direct sanity check

Barry,

Have you read the following document on Port Re-direction:

http://www.cisco.com/warp/public/707/28.html

Let me know and if possible can you post your config - remember to exclude real IPs and passwords etc.

Jay

New Member

Re: pix multiple port re-direct sanity check

Jay,

thanks for your speedy reply - I looked at the document you suggested previously but checked it again and it doesn't include an example of exactly what I am trying to do. It's close but not quite the same. Please see attched. I've just included the relevant fragments. If I've missed something important let me know.

Barry.

New Member

Re: pix multiple port re-direct sanity check

your command appears to be correct.

the error message seems to indicate that there is an existing static that conflicts with the one you are trying to map.

Are you sure you removed all conflicting static routes for either end point?

New Member

Re: pix multiple port re-direct sanity check

Patrick,

as the access-list shows this device is being accessed from the internet - therefore I have no control over this route. The other route is defined by the target device having it's default gateway set as the PIX. The conflict is because the target of both re-directs is the same ip address:port combination. I'm still open to suggestions !

Barry.

98
Views
0
Helpful
4
Replies