Cisco Systems port mapping or forwarding on Cisco Pix 506E

Subject: port mapping or forwarding on Cisco Pix 506E | Author: tom.smith.iii | Date: 08-05-05
Posted by on August 5, 2005, 1:30 pm


one external IP address is mapped to one internal IP address with the
"static (inside, outside) X.X.X.X 10.0.0.140" statement and
corresponding access list "access-list acl_out permit tcp any host
X.X.X.X eq ftp"

What I want to do is have one STATIC statement and then control which
ports are mapped by using ACL's. Does anyone know the correct syntax?

Thanks!



Posted by Walter Roberson on August 5, 2005, 9:24 pm


:one external IP address is mapped to one internal IP address with the
:"static (inside, outside) X.X.X.X 10.0.0.140" statement and
:corresponding access list "access-list acl_out permit tcp any host
:X.X.X.X eq ftp"

:What I want to do is have one STATIC statement and then control which
:ports are mapped by using ACL's. Does anyone know the correct syntax?

You can't quite do that with PIX 6. You need at least two static
statements, one for udp and one for tcp.

static (inside,outside) tcp X.X.X.X access-list TCP_ACL
static (inside,outside) udp X.X.X.X access-list UDP_ACL

access-list TCP_ACL permit tcp host 10.0.0.140 eq ftp any
access-list UDP_ACL permit udp host 10.0.0.140 eq domain any

Note: be sure not to reuse the policy ACLs, such as for the access-list
you apply as the access-group.


You cannot simply use one 'static' with an ACL that uses tcp or udp
statements: the PIX will complain about attempting to inject one
protocol into another.
--
'The short version of what Walter said is "You have asked a question
which has no useful answer, please reconsider the nature of the
problem you wish to solve".' -- Tony Mantler


Posted by on August 8, 2005, 3:47 am


So I use one static for tcp and another for udp. Then I could use
multiple TCP_ACL access lists for multiple ports and the same for
UDP_ACL? I will give it a shot this morning.
Thanks Walter!



Posted by on August 8, 2005, 8:45 am


I am trying to open some ports so I can test a Polycom Video conf
system. It needs 23 consecutive udp ports opened and about 7 tcp
ports. Per Walter's reply above I will use two static statements and
then several access-list statements (because I can specify port
ranges). My problem is that I can't get the syntax down. Any help
will be greatly appreciated.

I need Internet traffic coming in on those ports to be directed to
10.0.0.140. Here is the static statement I tried that didn't work...
static (inside, outside) tcp any host access-list TCP_ACL
access-list TCP_ACL permit tcp host 10.0.0.140 eq h323 any

Where am I going wrong?
Sorry to be such a bonehead, but it is not often that I have to alter
the configs on my firewalls.

Thanks, Tom.



Posted by Walter Roberson on August 8, 2005, 5:02 pm



|:What I want to do is have one STATIC statement and then control which
|:ports are mapped by using ACL's. Does anyone know the correct syntax?

|static (inside,outside) tcp X.X.X.X access-list TCP_ACL

Sorry, having reviewed your message again, I realize that the
above was incorrect and that what you want cannot be done.

The problem is that the extended version of 'static' must list the
outside port:

static (inside,outside) tcp X.X.X.X PORT access-list TCP_ACL

and that's not going to allow you to select the port based on the
contents of TCP_ACL.


--
Ceci, ce n'est pas une idée.
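The point Walter lands on, that a PIX 6 port-redirection 'static' names exactly one mapped port per line, so the port list cannot be driven from the ACL and Tom's 23 UDP ports plus 7 TCP ports become 30 static lines, with the access-list only deciding what the outside interface admits (where 'range' is allowed), as an added example that is not from the thread or from Cisco: a small Python generator that emits the per-protocol statics and the matching outside ACL for a host such as 10.0.0.140. The mapped address 192.0.2.10, the TCP port 1720 (h323, which the thread mentions) and the 23-port UDP range 3230-3252 are assumed placeholders for illustration, not Polycom's documented port list.

```python
"""Generate PIX 6.x port-redirection statics plus the outside access-list.

Added example, not code from the thread. PIX 6 'static ... tcp|udp' takes a
single mapped port and a single real port, so N forwarded ports need N
static lines (one per protocol), while the ACL applied with access-group
can express a consecutive run of ports with 'range'.
"""
from typing import Iterable, List, Tuple

PIX_HOST_MASK = "255.255.255.255"   # host static: one mapped IP to one real IP


def _runs(ports: Iterable[int]) -> List[Tuple[int, int]]:
    """Collapse a port set into sorted (lo, hi) runs of consecutive numbers."""
    runs: List[Tuple[int, int]] = []
    for p in sorted(set(ports)):
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs


def static_lines(mapped_ip: str, real_ip: str, proto: str, ports: Iterable[int],
                 inside: str = "inside", outside: str = "outside") -> List[str]:
    """One 'static' per port: the mapped port and the real port are given explicitly.
    Trailing '0 0' are max_conns and emb_limit (0 = unlimited)."""
    if proto not in ("tcp", "udp"):
        raise ValueError("PIX port statics are tcp or udp only")
    return [
        f"static ({inside},{outside}) {proto} {mapped_ip} {p} {real_ip} {p} "
        f"netmask {PIX_HOST_MASK} 0 0"
        for p in sorted(set(ports))
    ]


def acl_lines(acl: str, mapped_ip: str, proto: str, ports: Iterable[int]) -> List[str]:
    """ACL entries permit traffic to the *mapped* (outside) address on PIX 6;
    consecutive ports collapse into a single 'range' entry."""
    out: List[str] = []
    for lo, hi in _runs(ports):
        if lo == hi:
            out.append(f"access-list {acl} permit {proto} any host {mapped_ip} eq {lo}")
        else:
            out.append(f"access-list {acl} permit {proto} any host {mapped_ip} range {lo} {hi}")
    return out


def pix_port_forward(mapped_ip: str, real_ip: str, tcp_ports: Iterable[int],
                     udp_ports: Iterable[int], acl: str = "acl_out",
                     outside: str = "outside") -> List[str]:
    """Full fragment: tcp statics, udp statics, ACL entries, then access-group.
    tcp and udp get separate statics because a single static cannot carry
    both protocols."""
    tcp_ports, udp_ports = list(tcp_ports), list(udp_ports)
    lines: List[str] = []
    lines += static_lines(mapped_ip, real_ip, "tcp", tcp_ports)
    lines += static_lines(mapped_ip, real_ip, "udp", udp_ports)
    lines += acl_lines(acl, mapped_ip, "tcp", tcp_ports)
    lines += acl_lines(acl, mapped_ip, "udp", udp_ports)
    # Re-applying access-group with the same ACL name is idempotent on PIX 6.
    lines.append(f"access-group {acl} in interface {outside}")
    return lines


if __name__ == "__main__":
    # Constructed sample input: 192.0.2.10 is a documentation address standing
    # in for the thread's X.X.X.X; the UDP run is an assumed 23-port example.
    for line in pix_port_forward("192.0.2.10", "10.0.0.140",
                                 tcp_ports=[1720], udp_ports=range(3230, 3253)):
        print(line)
```

Paste the printed lines into configuration mode; because the static and the ACL each name the mapped address, a later `clear xlate` is needed for the new statics to take effect on existing translations.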

