Hi All,
I have a PIX 501 6.3(4) working well except for a problem with PAT entries. They appear to be working like static NAT IP mappings instead of PAT. I need to have requests on 222.333.34.99 on port 3389 forwarded to internal host 192.168.0.2, but it goes to 192.168.0.1. I'm not sure what I am doing wrong. Any help is greatly appreciated!
Addresses are fake (obviously).
name 192.168.0.1 Server01 access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable access-list 100 permit tcp any host 222.333.34.99 eq smtp access-list 100 permit tcp any host 222.333.34.99 eq 4899 access-list 100 permit tcp any host 222.333.34.99 eq 3389 access-list 100 permit tcp any host 222.333.34.99 eq telnet access-list 100 permit tcp any host 222.333.34.99 eq www access-list 100 permit tcp any host 222.333.34.99 eq https access-list 100 permit tcp any host 222.333.34.100 eq 4899 access-list 100 permit tcp any host 222.333.34.100 eq 5023 access-list inside_outbound_nat0_acl permit ip any 192.168.0.224 255.255.255.240 access-list outside_cryptomap_dyn_20 permit ip any 192.168.0.224 255.255.255.240 pager lines 24 logging on logging buffered errors mtu outside 1500 mtu inside 1500 ip address outside 222.333.34.98 255.255.255.248 ip address inside 192.168.0.254 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool vpnpool1 192.168.0.224-192.168.0.239 arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) tcp 222.333.34.99 smtp Server01 smtp netmask
255.255.255.255 0 0 static (inside,outside) tcp 222.333.34.99 telnet Server01 telnet netmask 255.255.255.255 0 0 static (inside,outside) tcp 222.333.34.99 www Server01 www netmask 255.255.255.255 0 0 static (inside,outside) tcp 222.333.34.99 https Server01 https netmask 255.255.255.255 0 0 static (inside,outside) tcp 222.333.34.99 3389 192.168.0.2 3389 netmask 255.255.255.255 0 0 static (inside,outside) tcp 222.333.34.100 4899 192.168.0.100 4899 netmask 255.255.255.255 0 0 static (inside,outside) tcp 222.333.34.100 5023 192.168.0.101 5023 netmask 255.255.255.255 0 0 static (inside,outside) tcp 222.333.34.99 4899 Server01 4899 netmask 255.255.255.255 0 0 access-group 100 in interface outside