
PIX 501 PAT


sdruhl

IS-IT--Management
Jan 1, 2003
I have 5 computers on my LAN, all connected to the Internet with a DSL line. I want to use the PIX 501 for my firewall. The customer has only 1 static IP from the DSL carrier. The customer needs to be able to RDP into their machines with XP Pro. How do I set up PAT so that all users can RDP to the same IP over different port numbers? E.g. PC1 would use 3389, PC2 would use 3379, PC3 would use 3369 for RDP. I need to be able to tell the user to RDP to this IP, xxx.xx.xxx.xxx:port number I give them. Any help would be greatly appreciated.

 
Is this inbound traffic to the 5 machines? If so:

static (inside,outside) tcp interface phonyport1 10.1.1.15 rdpport netmask 255.255.255.255
static (inside,outside) tcp interface phonyport2 10.1.1.16 rdpport netmask 255.255.255.255
static (inside,outside) tcp interface phonyport3 10.1.1.17 rdpport netmask 255.255.255.255
static (inside,outside) tcp interface phonyport4 10.1.1.18 rdpport netmask 255.255.255.255
static (inside,outside) tcp interface phonyport5 10.1.1.19 rdpport netmask 255.255.255.255

This translates the dummy port on the outside IP to the real port on the inside IP (I used 10.1.1.# as an example), along with an ACL on the outside interface to allow traffic on the phony ports.

 
Yes, the traffic is inbound to the local machines. I'm not sure I understand the phonyport1 command. I assume if my machine's IP was 192.168.1.1 I would put this after the phonyport number. What would I put instead of phonyport1? Thanks again.
 
The remote user will initiate an RDP session using the outside address on the PIX, on the port that you specify.

So in your example, to get to PC1 the person would use port 3389, as set up by the static command:

static (inside,outside) tcp interface 3389 10.1.1.15 rdpport netmask 255.255.255.255

Yes, 192.168.1.1 would replace 10.1.1.15 if that is the IP address of PC1. Replace rdpport with the actual port that the PC is listening on for RDP.
 
And you need an ACL to allow the traffic. w.x.y.z is the outside address:

access-list outside-acl permit tcp any w.x.y.z 255.255.255.255 eq 3389
access-list outside-acl permit tcp any w.x.y.z 255.255.255.255 eq 3379
.
.
etc

access-g outside-acl in interface outside
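Putting the two replies together for the ports named in the question, as an added example that is not from the original posters: the inside addresses 192.168.1.11-13 are constructed, each PC is assumed to listen on the default RDP port 3389, and w.x.y.z stands for the single static outside address. Lines beginning with "!" are annotation, not commands to type.

```cisco
! Added example for PIX OS 6.x (port redirection with the "interface" keyword needs 6.2 or later).
! Assumptions: inside PCs at 192.168.1.11-13 (constructed), all listening on TCP 3389.
! Outside port -> inside host : real RDP port. Only the outside port differs per PC.
static (inside,outside) tcp interface 3389 192.168.1.11 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3379 192.168.1.12 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3369 192.168.1.13 3389 netmask 255.255.255.255 0 0
! Permit only the three mapped ports. The destination is the outside interface
! address w.x.y.z, not the inside host, because inbound ACLs on PIX 6.x match the
! untranslated (outside) address. Where the remote users come from a fixed address,
! replace "any" with "host a.b.c.d" so the exposed RDP ports are not reachable from
! the whole Internet.
access-list outside-acl permit tcp any host w.x.y.z eq 3389
access-list outside-acl permit tcp any host w.x.y.z eq 3379
access-list outside-acl permit tcp any host w.x.y.z eq 3369
access-group outside-acl in interface outside
! Drop stale translations so the new statics take effect, then save.
clear xlate
write memory
```

Users connect with mstsc to w.x.y.z:3379 (for example) and land on 192.168.1.12's port 3389; "show xlate" and "show access-list outside-acl" confirm the translation and the hit counts.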
 