[fw-wiz] Cisco PIX 501 Help

From: UxBoD <uxbod@xxxxxxxxxxxx>
Date: Mon, 6 Aug 2007 20:56:29 +0100 (BST)

Hi,

Have just been given a couple of 501's to setup at work. Basic configuration has been performed, and that is working fine. The question I have is whether there is anyway to setup 100+ statics, one to one, port mappings using object groups ? My IP setup is as follows :-

outside -> inside -> host
10.7.152.2 -> 10.6.0.200 -> 10.6.0.202

I have a application that uses 30 ports, plus X11, plus remove support via PCanywhere. I have created the ACLs using object groups, but I don't really fancy setting up individual TCP/UDP static entries.

If I use something like :-

static (inside,outside) interface 10.6.0.202 netmask 255.255.255.255 0 0

Then the outside interface SSH server will not work as all traffic gets mapped through too the inside interface :( Obviously we need to support via the outside interface, so is there anyway around it ?

Could I put the SSH on the inside interface and then do something like :-

static (inside,outside) interface 2222 10.6.0.202 22 netmask 255.255.255.255 0 0

so that we just have to connect too port 2222 instead and that will map it through so we can administer the PIX ?

I see on our IOS that we can use access-list on the static mapping, is this a potential use ?

Hope my explanation makes sense ?

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@xxxxxxxxxxxxxxxx

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Follow-Ups:
- Re: [fw-wiz] Cisco PIX 501 Help
  - From: Fetch, Brandon

Prev by Date: Re: [fw-wiz] Check Point NG FP3 HF2 on Solaris 5.8
Next by Date: Re: [fw-wiz] IPv6 support in firewalls
Previous by thread: Re: [fw-wiz] firewall-wizards Digest, Vol 16, Issue 2
Next by thread: Re: [fw-wiz] Cisco PIX 501 Help
Index(es):
- Date
- Thread

Relevant Pages

[BUG] panic 2.6.20-rc3 in nf_conntrack
... When I shut down my ppp0 interface the kernel ... This kernel had the ipp2p patch from patch-o-matic-ng applied, ... # Firmware Drivers ... # ACPI Support ...
(Linux-Kernel)
Re: Publish Web Server behind SBS 2003 Standard
... Microsoft CSS Online Newsgroup Support ... When opening a new thread via the web interface, ... |> Method 2: Different ports ... |> "Network Connection". ...
(microsoft.public.windows.server.sbs)
Isa/i2c [bug report]
... 00:00.0 Host bridge: VIA Technologies, ... 00:07.1 IDE interface: VIA Technologies, ... Master IDE ... # ACPI Support ...
(Linux-Kernel)
[2.6.25-rc2] e100: Trying to free already-free IRQ 11 during suspend ...
... ACPI: Preparing to enter system sleep state S3 ... Interface is unused normally. ... Enabling unmasked SIMD FPU exception support... ... audit: initializing netlink socket (disabled) ...
(Linux-Kernel)
Re: Poisons question
... the problem of my buttons on my interface would fade until they are ... Ever work in customer service? ... satellite TV company, and when provided tech support for customers, ... I'm not saying Blizzard's tech support is the greatest, ...
(alt.games.warcraft)