Please help me understand my configuration

[MichaelDay]

Here is my configuration:
-----------------------------
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ************** encrypted
passwd ****************** encrypted
hostname BlackHole
domain-name mydomain.org
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol http 443
fixup protocol http 6001
fixup protocol http 6002
fixup protocol http 6004
fixup protocol http 82
fixup protocol http 110
fixup protocol http 3389
fixup protocol http 8100
no fixup protocol smtp 25
names
access-list 100 permit tcp any host 24.166.99.90 eq www
access-list 100 permit tcp any host 24.166.99.90 eq smtp
access-list 100 permit tcp any host 24.166.99.90 eq domain
access-list 100 permit tcp any host 24.166.99.92 eq ftp
access-list 100 permit tcp any host 24.166.99.94 eq 1750
access-list 100 permit tcp any host 24.166.99.94 eq www
access-list 100 permit tcp any host 24.166.99.94 eq 443
access-list 100 permit tcp any host 24.166.99.90 eq 443
access-list 100 permit tcp any host 24.166.99.90 eq 135
access-list 100 permit tcp any host 24.166.99.94 eq 135
access-list 100 permit tcp any host 24.166.99.90 eq 593
access-list 100 permit tcp any host 24.166.99.94 eq 593
access-list 100 permit tcp any host 24.166.99.90 eq pop3
access-list 100 permit tcp any host 24.166.99.92 eq 3389
access-list 100 permit tcp any host 24.166.99.94 eq 3389
access-list 100 permit tcp any host 24.166.99.92 eq 8100
access-list 100 permit tcp any host 24.166.99.92 eq 82
access-list inside permit tcp 192.168.0.0 255.255.255.0 any eq 443
access-list inside permit tcp 192.168.0.0 255.255.255.0 any eq 135
access-list inside permit tcp 192.168.0.0 255.255.255.0 any eq www
access-list inside permit tcp 192.168.0.0 255.255.255.0 any eq 3389
access-list inside permit tcp 192.168.0.0 255.255.255.0 any eq 8100
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 200 permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 201 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
logging console debugging
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside 24.166.99.91 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 24.166.99.93
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 24.166.99.90 192.168.1.7 netmask 255.255.255.255 0 0
static (inside,outside) 24.166.99.94 192.168.1.6 netmask 255.255.255.255 0 0
static (inside,outside) 24.166.99.92 192.168.1.28 netmask 255.255.255.255 0 0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 24.155.93.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
service resetinbound
crypto ipsec transform-set Lex esp-des esp-md5-hmac
crypto map Lex 1 ipsec-isakmp
crypto map Lex 1 match address 200
crypto map Lex 1 set peer 216.555.127.207
crypto map Lex 1 set peer 70.555.128.142
crypto map Lex 1 set transform-set Lex
crypto map Lex 2 ipsec-isakmp
crypto map Lex 2 match address 201
crypto map Lex 2 set peer 62.555.186.65
crypto map Lex 2 set transform-set Lex
crypto map Lex interface outside
isakmp enable outside
isakmp key ******** address 216.555.127.207 netmask 255.255.255.255
isakmp key ******** address 62.555.186.65 netmask 255.255.255.255
isakmp key ******** address 70.555.128.142 netmask 255.255.255.255
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 3600
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.0.1 255.255.255.255 inside
telnet timeout 5
ssh 24.555.243.218 255.255.255.255 outside
ssh 24.555.243.218 255.255.255.255 inside
ssh timeout 5
terminal width 80
Cryptochecksum:***********************************
---------------------------------------

Please help me understand:

How do I allow port 82 open and redirect to internal machine with IP 192.168.1.21?

How do I allow port 21 to be redirected to internal machine with IP 192.168.1.21?


How do I allow port 80 to be redirected to internal machine with IP 192.168.1.21?

Public IP to access to these ports is 24.166.99.92

Thank you

 

[KiscoKid]

You already have a static NAT setup for the public IP you want to use

static (inside,outside) 24.166.99.92 192.168.1.28 netmask 255.255.255.255 0 0

Therefore if you want to use 24.166.99.92 for the service you're trying to setup, you will first need to delete this static NAT mapping and rewrite it thus:

static (inside,outside) 24.166.99.92 192.168.1.21 netmask 255.255.255.255 0 0


Also you've got existing access lists in place for the public IP you want to us

access-list 100 permit tcp any host 24.166.99.92 eq ftp
access-list 100 permit tcp any host 24.166.99.92 eq 3389
access-list 100 permit tcp any host 24.166.99.92 eq 8100
access-list 100 permit tcp any host 24.166.99.92 eq 82


You will need to delete the first 3 lines (ftp, 3389 and 8100) and rewrite these access lists as follows:

access-list 100 permit tcp any host 24.166.99.92 eq 21
access-list 100 permit tcp any host 24.166.99.92 eq 80
access-list 100 permit tcp any host 24.166.99.92 eq 82