[fw-wiz] NAT a range of TCP ports to an internal IP address on pix 506E

From: "Chris Smith" <chris.smith@xxxxxxxxxxx>
Date: Wed, 23 Jan 2008 10:50:55 -0800

Best regards firewall list readers!

We have a Cisco pix 506E running software version 6.3 (5)

We also have a VOIP server on the internal network at 192.168.1.6. We need to NAT a range of TCP ports to this VOIP server. The port range is 49152 through 49214.

The connections come in from the internet and need to be natted through the pix to this internal VOIP server.
We believe we already have the access list rules in place to allow the connections. We just need a translation rule to allow this group of ports.

The IP address of the internal interface on the pix is 192.168.1.2

The command that is not working is:

static (inside,outside) x.x.x.x 192.168.1.6

We are currently getting this error when trying to setup the rule.

WARNING: mapped-address conflict with existing static
tcp from inside:server/80 to outside:x.x.x.x/80 netmask 255.255.255.2
55
WARNING: mapped-address conflict with existing static
tcp from inside:server/25 to outside:x.x.x.x/25 netmask 255.255.255.2
55
WARNING: mapped-address conflict with existing static
tcp from inside:server/110 to outside:x.x.x.x/110 netmask 255.255.255
.255

Any insight is appreciated.
Thanks to all.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Follow-Ups:
- Re: [fw-wiz] NAT a range of TCP ports to an internal IP address on pix 506E
  - From: kevin horvath

Prev by Date: Re: [fw-wiz] Enforcing content filtering with PIX515E
Next by Date: Re: [fw-wiz] NAT a range of TCP ports to an internal IP address on pix 506E
Previous by thread: [fw-wiz] Implementing ISP load balancing with netscreen firewalls
Next by thread: Re: [fw-wiz] NAT a range of TCP ports to an internal IP address on pix 506E
Index(es):
- Date
- Thread

Relevant Pages

Re: Backups HELP!
... I have rerun the backup wizard many times, ... Warning: Unable to open "C:\Documents and Settings\Administrator\Local ... Settings\Temporary Internet Files\Content.IE5\desktop.ini" - skipped. ... Reason: Access is denied. ...
(microsoft.public.windows.server.sbs)
RE: Router Internet Monitoring
... Problem with Pix is it is logging literally everything, ... Can you use the Cisco Pix Device Manager to filter the log? ... Subject: Router Internet Monitoring ... Modeled after the famous Black Hat event in ...
(Security-Basics)
RE: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason
... Well, after researching, configuring, reconfiguring, and just a bit ... the vpn client through the SecureWay firewall. ... The PiX is outside the firewall, on its own line/lines (explained in a ... the vpn eventually) can access the internet fine. ...
(Firewall-Wizards)
RE: Router Internet Monitoring
... Problem with Pix is it is logging literally everything, ... Can you use the Cisco Pix Device Manager to filter the log? ... Subject: Router Internet Monitoring ... Modeled after the famous Black Hat event in ...
(Firewall-Wizards)
[fw-wiz] RE: Router Internet Monitoring
... Problem with Pix is it is logging literally everything, ... fully explored filtering, we use Kiwi Syslog Daemon for logging but the file ... Can you use the Cisco Pix Device Manager to filter the log? ... Subject: Router Internet Monitoring ...
(Firewall-Wizards)