TOPIC: Multiple Port Forwarding @ PIX 6.3

Multiple Port Forwarding @ PIX 6.3 9 years 4 months ago #21705

  • blackswans
  • New Member
I know how to do it when it is only one port, but when it is, say, 2000-2120 UDP, of course I cannot enter 120 commands. How can I do that in PDM or CLI? Thanks

Re: Multiple Port Forwarding @ PIX 6.3 9 years 4 months ago #21710

  • Smurf
  • Moderator
Pretty sure you cannot do that within the static command. The way I would do it is to map the IP to IP without the ports and then control access through the access-list, where you can then specify a range of ports within the access-list.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Multiple Port Forwarding @ PIX 6.3 9 years 4 months ago #21711

  • blackswans
  • New Member
So you are telling me to make a static NAT and forward all ports? Is what I understand true?

Re: Multiple Port Forwarding @ PIX 6.3 9 years 4 months ago #21716

  • semper
  • Frequent Member
As smurf said, you can do a one-to-one nat and control the access via access-lists, such as:

static (dmz,outside) 4.4.4.4 192.168.1.1 netmask 255.255.255.255
access-list <acl_name> permit tcp any host 4.4.4.4 range 2020 2120

or you can create 120 static commands on the pix.
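The one-to-one static plus ACL approach from the replies above, written out for the UDP 2000-2120 range in the original question. This is an added example, not a configuration posted by anyone in the thread; the ACL name outside_in is an assumption, and the addresses and interface names are the ones from semper's post.

```cisco
: Added example for PIX 6.3. Lines starting with ":" are comments.
: Assumed name: outside_in (ACL). Addresses and interfaces are from the thread.

: 1. One-to-one static: every port on 192.168.1.1 (dmz) maps to 4.4.4.4.
:    The static only creates the translation; it permits nothing by itself.
static (dmz,outside) 4.4.4.4 192.168.1.1 netmask 255.255.255.255

: 2. The ACL is the only inbound control, so permit just the needed range.
:    On 6.3 it matches the mapped (public) address, not the real one.
access-list outside_in permit udp any host 4.4.4.4 range 2000 2120
: Anything not permitted above is dropped by the implicit deny at the end.

: 3. Bind the ACL to inbound traffic on the outside interface.
:    Only one ACL can be bound per interface; if one is already applied,
:    add the permit line to that ACL instead of binding a new one.
:    This filters only connections initiated from outside; it does not
:    change outbound nat/global translation for other hosts.
access-group outside_in in interface outside

: 4. Drop stale translations so the new static takes effect.
:    This clears all translation slots and interrupts existing connections.
clear xlate

: 5. Verify: the static is present, and the hit counter on the permit line
:    rises only for traffic to ports in the range.
show static
show xlate
show access-list outside_in
```

With this layout the exposure of 192.168.1.1 is decided entirely by the ACL, so a broader permit line widens it to every port the host listens on.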

Re: Multiple Port Forwarding @ PIX 6.3 9 years 4 months ago #21719

  • Smurf
  • Moderator
Yes, as per semper's example :)

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Multiple Port Forwarding @ PIX 6.3 9 years 4 months ago #21729

  • blackswans
  • New Member
Yes, but then if I do that, can anyone still surf the net?
Isn't there any way to do that with an ACL?
I see there is an ACL option with the static (inside,outside) command, but I don't know if it works or how to do that.
Thanks

Usage: [no] static [(real_ifc, mapped_ifc)]
{<mapped_ip>|interface}
{<real_ip> [netmask <mask>]} | {access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]

[no] static [(real_ifc, mapped_ifc)] {tcp|udp}
{<mapped_ip>|interface} <mapped_port>
{<real_ip> <real_port> [netmask <mask>]} |
{access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]