Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
5
Replies

Is it possible to redirect a particular traffic to an IP?

akin_lopez
Level 1
Level 1

‎05-31-2006 08:22 AM

Hi guys,

I will PIX gurus to tell me if it is possible to have a particular traffic from my inside network going to a particular port (maybe http) redirected to a particular IP and port.

e.g

inside to outside (destination any IP port 80 redirect to destination y.y.y.y port 8080)

y.y.y.y will be a particular IP.

thanks guys

Labels:
0 Helpful
5 Replies 5

mpalardy
Level 3
Level 3

‎05-31-2006 10:31 AM

Hi Akin,

Do you need to browse with http://y.y.y.y:8080 to access your outside server?

access-list inside permit tcp any host y.y.y.y eq 8080

access-group inside in interface inside

Is this what you want to do?

If you have version 7.x you may give a try to this command. (I've personnaly never done this but does someone can say if I'm right)

static (outside,inside) y.y.y.y 80 y.y.y.y 8080 netmask 255.255.255.255

Mike

0 Helpful

cpembleton
Level 4
Level 4

‎05-31-2006 12:39 PM

You can change the source IP and port but I do not think there is a way to change the destination. You can use the static commands to map an outside ip and port to and internal ip and port.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278e.html#wp1090663

To do want your looking to do you'll have to find some other hardware/software. There are a number of options depending on what you are trying to do.

0 Helpful

akin_lopez
Level 1
Level 1
In response to cpembleton

‎06-01-2006 12:03 AM

Thanks guys,

Actually what i am trying to do is to intercept all port 80 traffic from inside to the internet (regardless of the destination) and redirect it to a particular IP and port (e.g y.y.y.y port 8080) something like a proxy and spyware filtering engine. and it doesn't support wccp. (i would have used that)

any ideas?

0 Helpful

cpembleton
Level 4
Level 4
In response to akin_lopez

‎06-01-2006 05:45 AM

Why not just use the proxy settings in the web brower.

0 Helpful

cpembleton
Level 4
Level 4
In response to akin_lopez

‎06-01-2006 09:26 AM

You may be able to use the alias command to change the destination address to your proxy server. However, I don't think you can change the port. If your doing external DNS lookups the alias command can be used to change the response. It can also change the destination address as it passes through the pix.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

0 Helpful
Customers Also Viewed These Support Documents