Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Pix 501 6.3(4) Static pat

I need to send static pat ports to the same internal IP and port

ACl's are

access-list inbound permit tcp any host 209.7.209.242 eq 8084

access-list inbound permit tcp any host 209.7.209.242 eq www

And the static pat staements are:

static (inside,outside) tcp 209.7.209.242 www 10.0.0.3 www netmask 255.255.255.255 0 0

however when i try to add the second pat statement

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0

I get this error message:

ERROR: duplicate of existing static

I assume this is because of the alrady static mapped port 80.

Is there any way around this?

Basicly i need to send 2 different outside ports to the same inside IP and port

Thanks Guys!!!

Marcas

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Pix 501 6.3(4) Static pat

I don't think you'll be able to port redirect on same port 80 in this way at least from a firewall perspective, but.. would like to hear from others on a work around which would probably be on the server side, does 8084 realy needs to be redirected to 80, why not on different port other than 80, say 8080 and have the server listening on this port as well.. then your static could be something like this:

static (inside,outside) tcp 209.7.209.242 80 10.0.0.3 80

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8080

Rgds

Jorge

4 REPLIES

Re: Pix 501 6.3(4) Static pat

you are not matching tcp ports,

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0

I get this error message:

ERROR: duplicate of existing static

try

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8084 netmask 255.255.255.255

Rgds

Jorge

Community Member

Re: Pix 501 6.3(4) Static pat

Thanks for the quick repli,

Correct, I'm trying to send 2 different outside ports to the same inside port

static (inside,outside) tcp 209.7.209.242 www 10.0.0.3 www netmask 255.255.255.255 0 0

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 www netmask 255.255.255.255 0 0

In other words, i want both ports 80 and 8084 to go to port 80

that why i'm looking for a work around.

Re: Pix 501 6.3(4) Static pat

I don't think you'll be able to port redirect on same port 80 in this way at least from a firewall perspective, but.. would like to hear from others on a work around which would probably be on the server side, does 8084 realy needs to be redirected to 80, why not on different port other than 80, say 8080 and have the server listening on this port as well.. then your static could be something like this:

static (inside,outside) tcp 209.7.209.242 80 10.0.0.3 80

static (inside,outside) tcp 209.7.209.242 8084 10.0.0.3 8080

Rgds

Jorge

Community Member

Re: Pix 501 6.3(4) Static pat

Thanks Again.. The client could not tell me why 8084 was being redirected to port 80, and port 80 was being redirected to port 80 on their old firewall. After checking the server. It wasnt evening listing on this port. Buy leaving out the 8084 entry, this problems solved itself.

Thanks Again guys!!!

461
Views
0
Helpful
4
Replies
CreatePlease to create content