How to port foward

[soklear]

Hi. Is it possible to port forward (different TCP ports) from a single outside interface Ip address to different internal IP addresses without using NAT?

In otherwords, my external ip address is:
66.87.91.25

my three interal ip addresses are:
192.168.1.1
192.168.1.2
192.168.1.3

I want to forward the ports 5565, 5566 and 5567 respectivly to the above internal ip addresses.

Is it possible and please help if it is.

Thanks,

Bob

 

[Supergrrover]

Here is the basic formula for outside in access-

Build Access List to allow the traffic in (one line for each port)-
access-list outside_access_in permit [TCP/UDP] any [host ExternalIP/interface outside] eq [Port#]

Apply the ACL to the outside interface -
access-group outside_access_in in interface outside

Map incoming port to an IP and port on the inside (one line for each port)-
static (inside,outside) [TCP/UDP] [ExternalIP/interface] [Port#] [InteralIP] [Port#] netmask 255.255.255.255


Anything in brackets needs to be replaced for your specific config. Bold means you have to enter a value (either a port # or IP address)

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[csanburn]

Just to followup on what Brent already said, on my Pix I would have lines like the following in my config to do this:

access-list outside_in permit tcp any host 66.87.91.25 eq 5565
access-list outside_in permit tcp any host 66.87.91.25 eq 5566
access-list outside_in permit tcp any host 66.87.91.25 eq 5567

static (inside,outside) tcp 66.87.91.25 5565 192.168.1.1 5565 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.87.91.25 5566 192.168.1.2 5566 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.87.91.25 5567 192.168.1.3 5567 netmask 255.255.255.255 0 0

access-group outside_in in interface outside

That's mostly entered from memory, but I believe that's the config I would use for the IPs and ports you provided.

-Chris