PIX 535: port forwarding newb problem

Hi folks, I need some help.

Trying to set up port forwarding for an app for the first time on a 535:

I need to port forward a DMZ subnet on int dmz_v904 (eth3), forwarding all ports >1023 to host A.A.A.A to port 60199 on inside int (eth1).

e.g.

name A.A.A.A server

object-group network vpn-pool
  description *** VPN dial client pool addresses ***
  network-object B.B.B.B 255.x.x.x
object-group service Tivoli tcp
  port-object eq 60199

*********THIS IS WHERE I NEED HELP****************

access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A gt 1023
access-list inside permit tcp host aansso1tmra00 object-group vpn-pool object-group Tivoli

Is my syntax correct? And what else must I do?

All help very much appreciated.

douglas.j.watt

Think I've sorted the problem with the help from a friend.

Was told I only need to apply one rule to the source interface, as below:

access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A eq 60199

This should forward all permitted source subnet traffic on TCP 60199 to the destination A.A.A.A server on the inside interface.

douglas.j.watt
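
Added example, not part of the original posts: a small Python evaluator for the destination-port qualifier of PIX-style access-list entries, run over the rules quoted in this thread to compare how many TCP ports on host A.A.A.A each one opens. The function names and the TIVOLI table are assumptions made for the illustration, and only the ACL match is modeled, not address translation or interface binding.

```python
# Added example: destination-port matching for PIX-style ACL entries.
# Handles "access-list NAME permit|deny PROTO SRC DST [port-qualifier]";
# source-port qualifiers are out of scope for this sketch.
PORT_OPS = {
    "eq": lambda p, a: p == a[0],
    "neq": lambda p, a: p != a[0],
    "gt": lambda p, a: p > a[0],
    "lt": lambda p, a: p < a[0],
    "range": lambda p, a: a[0] <= p <= a[1],
}

def take_addr(tokens):
    """Consume one address spec and return (spec, remaining tokens)."""
    if tokens[0] == "any":
        return ("any",), tokens[1:]
    if tokens[0] in ("host", "object-group"):
        return (tokens[0], tokens[1]), tokens[2:]
    return ("net", tokens[0], tokens[1]), tokens[2:]  # address + mask

def parse_ace(line, service_groups=None):
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: %r" % line)
    src, rest = take_addr(t[4:])
    dst, rest = take_addr(rest)
    if not rest:
        ports = [("gt", [0])]  # no qualifier: every port matches
    elif rest[0] == "object-group":  # service object-group reference
        ports = (service_groups or {})[rest[1]]
    elif rest[0] in PORT_OPS and len(rest) == (3 if rest[0] == "range" else 2):
        ports = [(rest[0], [int(x) for x in rest[1:]])]
    else:
        raise ValueError("bad port qualifier: %r" % rest)
    return {"acl": t[1], "action": t[2], "proto": t[3],
            "src": src, "dst": dst, "ports": ports}

def permits_dst_port(ace, port):
    return ace["action"] == "permit" and any(
        PORT_OPS[op](port, args) for op, args in ace["ports"])

def exposed_port_count(ace):
    return sum(permits_dst_port(ace, p) for p in range(1, 65536))

# Rules as posted in the thread (addresses are the thread's own placeholders).
FIRST = "access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A gt 1023"
REVISED = "access-list dmz_v904 permit tcp object-group vpn-pool host A.A.A.A eq 60199"
TIVOLI = {"Tivoli": [("eq", [60199])]}  # assumed table mirroring "port-object eq 60199"

if __name__ == "__main__":
    for rule in (FIRST, REVISED):
        print(exposed_port_count(parse_ace(rule)), "ports:", rule)
```

Run against the two dmz_v904 rules, the `gt 1023` form matches every TCP port from 1024 to 65535 on the host, while the `eq 60199` form matches only the one port the application uses.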
