Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Multiple Port Forwarding @ PIX 6.3

Multiple Port Forwarding @ PIX 6.3 11 years 2 months ago #21705

I know how to do it when it is only one port but when it is say 2000-2120 UDP of course I cannot enter 120 commands. How can I do that in PDM or CLI ? thanks

Re: Multiple Port Forwarding @ PIX 6.3 11 years 2 months ago #21710

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0
Pretty sure you cannot do that within the static command. The way i would do it is to map the ip to ip without the ports and then control access through the Access-list where you can then specify a range of ports within the access-list

Cheers

Re: Multiple Port Forwarding @ PIX 6.3 11 years 2 months ago #21711

so you say me to make a static nat and forward all ports? is that true what I understand ?

Re: Multiple Port Forwarding @ PIX 6.3 11 years 2 months ago #21716

As smurf said, you can do a one-to-one nat and control the access via access-lists, such as:

static(dmz,outside) 4.4.4.4 192.168.1.1 255.255.255.255
access-list permit tcp any host 4.4.4.4 range 2020 2120

or you can create 120 static commands on the pix.

Re: Multiple Port Forwarding @ PIX 6.3 11 years 2 months ago #21719

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0
Yes, as per semper's example :)

Cheers

Re: Multiple Port Forwarding @ PIX 6.3 11 years 2 months ago #21729

yes but then if I do that can anyone still surf the net?
arent there any way to do that with ACL?
I see there is an ACL option with static (inside,outside) command but I dont know if it works and how to do that?
thanks

Usage: [no] static [(real_ifc, mapped_ifc)]
{<mapped_ip>|interface}
{<real_ip> [netmask <mask>]} | {access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]

[no] static [(real_ifc, mapped_ifc)] {tcp|udp}
{<mapped_ip>|interface} <mapped_port>
{<real_ip> <real_port> [netmask <mask>]} |
{access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]
  • Page:
  • 1
  • 2
Time to create page: 0.161 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup