PIX version 6.2
I need to allow the following ports:
TCP 1720
TCP & UDP 3230-3237
From 130.63.63.11 and 130.63.63.115 to an internal host with an address of 192.168.1.150. External/Public PIX interface for the sake of this example is 50.50.50.50. So far I have:
access-list video_in permit tcp host 130.63.63.11 host 50.50.50.50 eq 1720
access-list video_in permit tcp host 130.63.63.115 host 50.50.50.50 eq 1720
access-list video_in permit tcp host 130.63.63.11 host 50.50.50.50 range 3230 3237
access-list video_in permit tcp host 130.63.63.115 host 50.50.50.50 range 3230 3237
access-list video_in permit udp host 130.63.63.11 host 50.50.50.50 range 3230 3237
access-list video_in permit udp host 130.63.63.115 host 50.50.50.50 range 3230 3237
access-group video_in in interface outside
From what I've read this should allow the proper port ranges through my PIX. Assuming the above configuration is correct, I believe I need a static command to forward external port-specific traffic but I can't seem to get the command correct. Can anyone shed some light on this matter for me?
static (inside,outside) 50.50.50.50 192.168.1.150 netmask 255.255.255.255 0 0
I tried inserting the above command but that caused every host on my internal network to not have internet communication. I believe it's causing all traffic coming in on 50.50.50.50 to be forwarded to my internal host 192.168.1.150. Is there any way to make the above static command port-specific?
As far as my configuration goes (I'm not 100% on my terminology), I believe I'm running PAT (one public IP address shared by many internal hosts) if that helps at all.
Thanks in advance.
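An added example, not part of the original post: the port-specific form of `static` (port redirection) written out for the addresses and ports in the question. It assumes 50.50.50.50 is the PIX outside interface's own address, so the `interface` keyword is used, and it lists each port of 3230-3237 separately because each such entry maps a single port.

```text
: Constructed example for the addresses in the post; not the poster's config.
: Remove the one-to-one static that claimed the whole outside address.
no static (inside,outside) 50.50.50.50 192.168.1.150 netmask 255.255.255.255 0 0
: TCP 1720 only
static (inside,outside) tcp interface 1720 192.168.1.150 1720 netmask 255.255.255.255 0 0
: TCP 3230-3237, one entry per port
static (inside,outside) tcp interface 3230 192.168.1.150 3230 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3231 192.168.1.150 3231 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3232 192.168.1.150 3232 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3233 192.168.1.150 3233 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3234 192.168.1.150 3234 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3235 192.168.1.150 3235 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3236 192.168.1.150 3236 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3237 192.168.1.150 3237 netmask 255.255.255.255 0 0
: UDP 3230-3237, one entry per port
static (inside,outside) udp interface 3230 192.168.1.150 3230 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3231 192.168.1.150 3231 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3232 192.168.1.150 3232 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3233 192.168.1.150 3233 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3234 192.168.1.150 3234 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3235 192.168.1.150 3235 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3236 192.168.1.150 3236 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 3237 192.168.1.150 3237 netmask 255.255.255.255 0 0
: Clear existing translation slots so the changed statics take effect.
clear xlate
```

The `video_in` entries from the post still limit who can reach these ports to 130.63.63.11 and 130.63.63.115, and the dynamic PAT used by the other inside hosts is left in place.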