Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
7
Replies

PIX501 NATing

shawvoel
Level 1
Level 1

‎04-18-2006 10:07 PM - edited ‎03-09-2019 02:39 PM

Hi All Expert,

Need help on the PIX501 NATing.

If I need to configure static NAT which source from outside traffic to inside LAN, I can used static command map the public IP to my internal IP, if I only need to map from port number 5500 to 5800, how can I do that?

Can I group a range of ports and assign to static command or how?

Please help.

Thank you.

Rgds,

Au Yeong Shaw Voel

Labels:
0 Helpful
7 Replies 7

shawvoel
Level 1
Level 1

‎04-18-2006 10:18 PM

Hi All Expert,

Here I attach my configuration, how can I add the new configuration in it?

Do it affect my current configuration?

Rgds,

Au Yeong Shaw Voel

Preview file
4 KB
0 Helpful

Patrick Laidlaw
Level 4
Level 4
In response to shawvoel

‎04-18-2006 11:20 PM

Hello,

To clarify this are you wanting to translate the public ip address port from 5500 to the private address 5800. The command to do this would be:

static (inside,outside) tcp x.x.x.x 5500.z.z.z.z 5800 netmask 255.255.255.255

This will efectivly redirect connections to x.x.x.x on port 5500 to the inside address z.z.z.z port 58000.

Patrick

Please rate any posts that are helpful.

0 Helpful

shawvoel
Level 1
Level 1
In response to Patrick Laidlaw

‎04-19-2006 12:27 AM

Hi Patrick,

Sorry to confuse you.

I want to map a range from port 5500 to port 5800 to my public IP which is NAT to my local IP. And the easire way to do this.

static (inside, outside) tcp x.x.x.x 5500 z.z.z.z 5500 netmask 255.255.255.255

.........................

.........................

static (inside, outside) tcp x.x.x.x 5800 z.z.z.z 5800 netmask 255.255.255.255

Do I need to add every single statement from port 5500 to 5800?

Thank you.

Rgds,

Au Yeong Shaw Voel

0 Helpful

globalnettech
Level 5
Level 5
In response to shawvoel

‎04-19-2006 05:17 AM

Hello,

I think you can define an access list with your static nat statement, which would look like thsi:

static (inside,outside) x.x.x.x access-list TCP_PORT_RANGE

!

access-list TCP_PORT_RANGE permit tcp host x.x.x.x host z.z.z.z range 5500 5800

Can you try this and see if it works for your purpose ?

Regards,

GNT

0 Helpful

shawvoel
Level 1
Level 1
In response to globalnettech

‎04-20-2006 12:26 AM

Hi GNT,

I got an error massage when I execute static command,

ERROR: cannot translate from IP protocol tcp to IP protocol ip

Can help on this?

Thank you.

Rgds,

Au Yeong Shaw Voel

0 Helpful

globalnettech
Level 5
Level 5
In response to shawvoel

‎04-20-2006 03:56 AM

Hello Au,

I think you have to switch 'inside' and 'outside':

static (outside,inside) x.x.x.x access-list TCP_PORT_RANGE

!

access-list TCP_PORT_RANGE permit tcp any host x.x.x.x range 5500 5800

x.x.x.x would be the internal IP address.

Regards,

GNT

0 Helpful

shawvoel
Level 1
Level 1
In response to globalnettech

‎04-20-2006 08:38 PM

Hi GNT,

Sorry, again still prompt the same error,

ERROR: cannot translate from IP protocol tcp to IP protocol ip

Could this be the access-list is tcp?

Rgds,

Au Yeong Shaw Voel

0 Helpful
Customers Also Viewed These Support Documents