I must add here that it's been a year since I did any PIX work, and that , once again, I find it all very obscure and non-intuitive, but I thought I had a clear sense of statics .... I can't yet make any sense out of what I posted below. ( static (dmz,outside) 220.127.116.11 18.104.22.168 netmask 255.255.255.255)
I started to play with the newer ASA and then backed off. I still cant get any SSH client (0 for 3 ) to connect to the old PIX....and you'll see in a future post I'm having trouble opening up a hole into a new server behind the wall with a static/access list combo ...at least I'm learning how to use Kiwi and syslog....why the *&(& didn't Cisco emphasise the need for "TRAP" in their docs ? Many thanks for any pointers.
forwards -all- ports for the IP address, and is still completely valid.
If someone sends a packet to the outside interface addressed to
22.214.171.124 then (outside ACL permitting) the packet will be forwarded to IP address 126.96.36.199 on the DMZ, with the port number unchanged.
If someone sends a packet out of the dmz interface with a source address of 188.8.131.52 then (dmz ACL permitting) the packet will be forwarded out the outside interface with a source IP address of 184.108.40.206, with the port number unchanged.