New Member

Pix515 problem

In the following rule:

static (dmz,outside) tcp interface PORT# server port# netmask 255.255.255.255 0 0

Is it possible to state multiple PORT#'s to one port#? If yes, how?

Thanks

unenlightened

Accepted Solutions
Cisco Employee

Re: Pix515 problem

No, you can't do this and the PIX parser won't allow it.

Think about what would happen to traffic if you mapped, say, outside ports 40 and 41 to inside port 40. Traffic coming on either port would both be mapped to port 40 on the inside, no problem there. The return traffic, however, would hit the PIX, which then has to decide whether to map it to port 40 or 41 on the outside. The PIX has no way of knowing which one it should be and so it fails.
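
The many-to-one case described in the answer above, as an added example that is not part of the original thread and is not Cisco code: a small Python check that reads `static` lines in the form quoted in the question and reports any inside host and port published through more than one outside port. The sample configuration, its addresses and ports, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches static port-redirection lines in the form quoted in the question:
#   static (real_if,mapped_if) tcp|udp <mapped_addr> <mapped_port> <real_host> <real_port> ...
STATIC_RE = re.compile(
    r"^\s*static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<mapped_addr>\S+)\s+(?P<mapped_port>\S+)\s+"
    r"(?P<real_host>\S+)\s+(?P<real_port>\S+)"
)

def parse_statics(config_text):
    """Return one dict per static port-redirection line; other lines are skipped."""
    matches = (STATIC_RE.match(line) for line in config_text.splitlines())
    return [m.groupdict() for m in matches if m]

def ambiguous_reverse_mappings(config_text):
    """Group rules by inside endpoint and return the endpoints published through
    more than one outside port, where the reverse lookup has two possible answers."""
    by_real = defaultdict(set)
    for r in parse_statics(config_text):
        real = (r["real_if"], r["mapped_if"], r["proto"], r["real_host"], r["real_port"])
        by_real[real].add((r["mapped_addr"], r["mapped_port"]))
    return {real: sorted(mapped) for real, mapped in by_real.items() if len(mapped) > 1}

# Constructed sample configuration (addresses and ports are made up).
SAMPLE = """\
static (dmz,outside) tcp interface 40 192.168.10.5 40 netmask 255.255.255.255 0 0
static (dmz,outside) tcp interface 41 192.168.10.5 40 netmask 255.255.255.255 0 0
static (dmz,outside) tcp interface 8080 192.168.10.6 80 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any interface outside eq 40
"""

if __name__ == "__main__":
    for real, mapped in ambiguous_reverse_mappings(SAMPLE).items():
        print("ambiguous return path for", real, "->", mapped)
```

Run against a draft rule set, it flags the pair of rules for outside ports 40 and 41 and leaves the one-to-one mapping on 8080 alone.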

New Member

Re: Pix515 problem

Thanks,

a very logical response... I don't know how I didn't see that?

}^8)