RE: [fw-wiz] Cisco PIX query

MHawkins_at_TULLIB.COM
Date: 02/23/04

Next message: Melson, Paul: "RE: [fw-wiz] Cisco PIX query"

Previous message: Marcus J. Ranum: "RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000"
Maybe in reply to: ADSL-Nerd: "[fw-wiz] Cisco PIX query"
Next in thread: Melson, Paul: "RE: [fw-wiz] Cisco PIX query"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: adslnerd@pacific.net.sg, firewall-wizards@honor.icsalabs.com
Date: Mon, 23 Feb 2004 08:19:17 -0500

Yes you can do port translation. From version 6 only.

But your syntax is incorrect.

Here it is:

static (inside,outside) tcp 203.82.170.93 www 102.165.2.9 www netmask
255.255.255.255 0 0
static (inside,outside) tcp 203.82.170.93 443 102.165.2.9 443 netmask
255.255.255.255 0 0

That should do it.

Michael A Hawkins

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of ADSL-Nerd
Sent: Sunday, February 22, 2004 9:04 PM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Cisco PIX query

Hi guys,

I've got a query on Cisco PIX, here's the background info:

Cisco PIX 515, 6.22

I've got the following static mapping in the PIX as seen below:

static (inside,outside) 203.82.170.93 102.165.2.9 netmask 255.255.255.255 0
0 static (inside,outside) 203.82.170.91 102.165.2.7 netmask 255.255.255.255
0 0

I'm trying to map the two public IPs 203.82.170.93 and 203.82.170.91 to the
same private IP 102.165.2.9 (Technically this is not possible).

IP 203.82.170.93 is permitted for 443 (SSL)
IP 203.82.170.91 is permitted for 25 (SMTP)

Is it possible to perform NAT/PAT as seen below: (If there's such commands)

static (inside,outside) 203.82.170.93 TCP 443 102.165.2.9 TCP 443 netmask
255.255.255.255 0 0 static (inside,outside) 203.82.170.91 TCP 25 102.165.2.9
TCP 25 netmask 255.255.255.255 0 0

Any other ways to do this in PIX?

Please advice.

Thanks.
James

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Melson, Paul: "RE: [fw-wiz] Cisco PIX query"

Previous message: Marcus J. Ranum: "RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000"
Maybe in reply to: ADSL-Nerd: "[fw-wiz] Cisco PIX query"
Next in thread: Melson, Paul: "RE: [fw-wiz] Cisco PIX query"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]