Pix 501 port forwarding on 1 IP address

[mst3k]

We just got a pix 501, and replaced MS ISA (woohoo!) We've got one external ip address, and I am having some trouble getting external access working - we've got an internal web and ftp server. If i make a static route to an internal IP, i get 'local address overlaps with mask'. And nothing seems to be getting through. Since I only have one external ip, my global is 'global (outside) 1 interface'

Is it possible to route specfic ports of that interface to internal addresses, or do I need an additional IP?

I'm too used to ISA's lingo - not comfy yet with the pix

Thanks

 

[gbiello]

Use a static command like this:
static (inside,outside) tcp interface telnet 10.1.1.6 telnet
static (inside,outside) tcp interface ftp 10.1.1.3 ftp

In this case you have the same public IP, but telnet maps to one internal IP, and ftp another. Cisco's website has more information. Search for: "sample PIX port redirection"

Hope this helps,
-gbiello

 

[mst3k]

Schweet!

works like a champ.. Thanks for your help.

 

[Guest_imported]

Hi,

I'm still experiencing trouble with it..

I want to forward for telnet and Windows TS.
But it refuses to do so..

static (inside,outside) tcp interface 3389 192.168.0.12 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface telnet 192.168.0.12 telnet netmask 255.255.255.255 0 0

Maybe you've got an idea?

 

[gbiello]

Two things I can think of:
1. Get rid of the "netmask ... " portion of the statements
2. If this is a brand new PIX replacing another firewall, telnet to the internet router outside the PIX and clear the ARP cache.
3. Do you have a conduit or access-list statement to permit the traffic?

I assume you want telnet and RDP traffic to go to the same inside box?

hope this helps

-gbiello