Cisco PIX PAT problem?

[matthijsNL]

Hello can somebody help me?

I've a Cisco PIX firewall (OS 7.0(4):
1. one public address 209.165.202.130
2. inside network 10.100.1.x/24
3 I use NAT/PAT

I've a webserver at 10.100.1.1 and a smtpserver at 10.100.1.50.
From the internet I would like to connect to the single address 209.165.202.130 for the web and mail server.

Is this port redirection possible and how?

 

[daidem77]

Yes... this is possible. It will be something like this.. If the commands are not write just put "?" and adjust the commands.

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 10.0.0.50 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface http 10.0.0.1 http netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 10.0.0.50 eq smtp
access-list outside_in permit tcp any host 10.0.0.1 eq http
access-group outside_in in interface outside


Of course for this to work you have to define the outside interface with the public IP address 209.165.202.130.

Good luck!!

 

[Supergrrover]

I would only make 2 small alterations
1. change "interface" to the actual IP if it is static for the global and static.
2. change the NAT statement to
nat (inside) 1 10.0.0.0 [your network mask]

Just a little tighter control.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[matthijsNL]

Ok thank you both.

I will try as soon as possible (tommorow) and i will let know you if it works.

Kind regards MAtthijs

 

[matthijsNL]

Hello both,

I works fine. The only thng I've to change is in the access-list "any":

!
access-list outside_in permit tcp any any eq smtp
access-list outside_in permit tcp any any eq http
!

Thank you both very much.