Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX 506 with Cable modem DHCP

Status
Not open for further replies.
wintertek

wintertek

IS-IT--Management
May 8, 2002
4
0
0
US
I am currently using a pix 506 with a cable modem. I am getting the outside e0 IP from ISP DHCP server. I am trying to open the PIX to allow inbound traffic to IP 192.168.1.107 but have not had any luck.

Below is the important part of my current config:

PIX Version 5.3(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100

ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

dhcpd address 192.168.1.10-192.168.1.20 inside
dhcpd dns w.x.y.z ww.xx.yy.zz
dhcpd lease 99999999
dhcpd ping_timeout 750
dhcpd enable inside

---

I have tried all different types of static commands:

static (inside,outside) a.b.c.d 192.168.1.107

with all types of access lists and conduits but have not had any luck. Is this even possible to do with a cable modem and a single PAT address? Or have I just wasted a lot of valuable time??

Any help would be greatly appreciated!

 
Sort by date Sort by votes
You need a conduit statement to allow traffic to hit the static address.

example.

conduit permit tcp any a.b.c.d eq www

This would allow any traffic on tcp port 80 to hit your internal web server through the static command.


if you are using acls then it would be...

access-list inbound permit tcp any any eq www
access-group inbound in interface inside

I hope this helps.
 
Upvote 0 Downvote
Hmmmm,

I read on cisco's website that the pix 506 and the static/conduit commands will only work with well known ports (ie: is this true?

Has anyone used the static/conduit statements with other ports like 2349?
 
Upvote 0 Downvote
HI.

Since you have only a single "real" external ip address, you must use port forwarding (static mapping by port).
This is only supported in versions 6.x of the pix.

So, these are some options:
* Use VPN to access internal hosts.
* Upgrade to latest pix version.
* Register at the ISP for more ip addresses.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Thanks for the advice, I am way ahead of you - I have upgraded to v6.21, and now i can get the static/ACL commands to work with ftp etc, but not with a non-standard port like 2349 - unable to get thru.

I will keep working at it and let you know when I get to the truth of the matter.

Anyone with any suggestions would be great!

Thanks.
 
Upvote 0 Downvote
I am trying to do the same thing w/ my cable / PIX 515. I cannot get the port forwarding to work. Is there any chance you can send me the static / ACL / Conduit portion of your config? Any help would be appreciated.

b
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
148
Sameer258
Sameer258
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
36
xwray
xwray
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
44
brownmab53
brownmab53
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
52
ISDPCMAN
ISDPCMAN
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
71
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top