RE: [fw-wiz] Cisco PIX query

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 02/23/04

  • Next message: Baumann, Sean C.: "RE: [fw-wiz] Sources for Extranet Designs?"
    To: "ADSL-Nerd" <adslnerd@pacific.net.sg>, <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 23 Feb 2004 08:48:33 -0500
    
    

    > -----Original Message-----
    > Is it possible to perform NAT/PAT as seen below: (If there's
    > such commands)
    >
    > static (inside,outside) 203.82.170.93 TCP 443 102.165.2.9 TCP
    > 443 netmask 255.255.255.255 0 0 static (inside,outside)
    > 203.82.170.91 TCP 25 102.165.2.9 TCP 25 netmask 255.255.255.255 0 0
    >
    > Any other ways to do this in PIX?

    You're on the right track. PAT port redirection is the only way I know of to get what you're asking for from a PIX. The syntax for the rules above would look like this:

    static (inside,outside) tcp 203.82.170.93 https 102.165.2.9 https netmask 255.255.255.255 0 0
    static (inside,outside) tcp 203.82.170.91 smtp 102.165.2.9 smtp netmask 255.255.255.255 0 0

    Because you are doing this from the outside in, you will need complimentary access-list commands to allow the traffic. You will also want to be sure that the outside addresses aren't also used in a global pool, another static that doesn't use specific ports, or the address of the outside interface. (You can use the outside interface address, just replace '203.82.170.93' with 'interface' in the static rule(s).)

    PaulM

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Baumann, Sean C.: "RE: [fw-wiz] Sources for Extranet Designs?"