Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PortForwarding in PIX515

Hi All,

My ip is 1.1.1.1 this ip is forwarded to my leased line link from SP. Now i want to confgiure this ip with port forwarding in order to point to my server(192.168.1.2) in DMZ. My topology is

Internet--InternetSwitch--Pix515--DMZ

Any Clues for configuration??/

3 REPLIES
Hall of Fame Super Blue

Re: PortForwarding in PIX515

As an example we'll port forward http (tcp port 80).

1) if 1.1.1.1 is the outside interface address of your pix

static (dmz,outside) tcp interface 80 192.168.1.2 80 netmask 255.255.255.255

2) if 1.1.1.1 is just a spare address you have

static (dmz,outside) tcp 1.1.1.1 80 192.168.1.2 80 netmask 255.255.255.255

note you need to use the interface name in your configuration so i have assumed your DMZ interface is called dmz ie. static (dmz,outside) .... If it is called something else use that.

You then need to update your acl or create one if you haven't already got one

access-list outside_in permit tcp any host 1.1.1.1 eq 80

access-group outside_in in interface outside

Jon

New Member

Re: PortForwarding in PIX515

outside_in is it DMZ_outside_in or meant outside_in

Hall of Fame Super Blue

Re: PortForwarding in PIX515

outside_in is just a name i usually call an acl applied to the outside interface. Doesn't matter what name you use as long as you apply it to the outside interface ie.

access-group in inteface outside

Jon

109
Views
0
Helpful
3
Replies