Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Port Forward on Pix 506

Status
Not open for further replies.
AGonzaga330

AGonzaga330

MIS
Apr 29, 2005
19
0
0
US
ok here is what I want to achieve. This has been two weeks already and I hate procrastinating. But thanks for the helpful users on this forum that I think I've come up with the answer.

I want to access my network at home from work so I can work here and home :) I'm sure everyone here does this and understand what I'm trying to achieve. So lets pretend my company's outside IP address is 192.168.0.1 and my outside address on my PIX 506 is 192.168.1.1

This is how I configured it at home.

I want to open ports for the following services

VNC: 5901
Pc Anywhere: 5631
Remote Desktop: 3389

Access-list RulesForOutside permit tcp host 192.168.0.1 any eq 5901
Access-list RulesForOutside permit tcp host 192.168.0.1 any eq 5631
Access-list RulesForOutside permit tcp host 192.168.0.1 any eq 3389
Access-list RulesforOutside permit ip any any
Access-group RulesforOutside in interface outside

Now that access-list is configured I need to port forward my outside address 192.168.0.1 to my internal NAT which is on a 10.31.0.0 subnet

Static (inside,outside) tcp interface 5901 10.31.0.0 5901
Static (inside,outside) tcp interface 5631 10.31.0.0 5631
Static (inside,outside) tcp interface 3389 10.31.0.0 3389

So there it is. I'm really new at this so if I'm doing anything wrong please tell me. Thank you for your assistance.

Oh and by the way if anyone is wondering why not just configure VPN. Yes I will do that eventually, but I want to know how configure this first.

I will work on VPN soon, but that might take another week or so.

Thanks again.

AG



 
Sort by date Sort by votes
that looks about right, except your acl. You are statically assigning the hosts as the interface, or outside IP of the PIX. The ACLs must show that.. so it should be using 192.168.1.1 as the IP in the ACL, not 0.1

Computer/Network Technician
CCNA
 
Upvote 0 Downvote
Oops. Who is better than you? I made a typo error. HeeHee
Since I did say above "my outside address on my PIX 506 is 192.168.1.1"

Hence my ACL would be:

Access-list RulesForOutside permit tcp host 192.168.1.1 any eq 5901
Access-list RulesForOutside permit tcp host 192.168.1.1 any eq 5631
Access-list RulesForOutside permit tcp host 192.168.1.1 any eq 3389
Access-list RulesforOutside permit ip any any
Access-group RulesforOutside in interface outside

Thanks for correcting me.
 
Upvote 0 Downvote
You know.. looking closer at that, I noticed you are trying to static the entire network?

I didn't notice that until now.. unfortunately that would not work, as port forwarding needs to forward to a specific host.

Sorry for not noticing this right away, as I was thinking in my head, regardless of what it showed, that you were staticly linking hosts to the ports. Part of the reason why I probobaly thought that, is that you don't have a subnet mask, as static statements require them to be hosts.

Computer/Network Technician
CCNA
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
124
XLNTech1
XLNTech1
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
146
Sameer258
Sameer258
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
56
PauS0n
PauS0n
mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
51
mcisar
mcisar
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
36
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top