RaymanWindar
MIS
Hello, I've been scratching my head about this for a week now and can't get it figured out.
What I'm trying to accomplish is to do port forwarding to multiple internal IP addresses from one public IP.
My current setup is a Comcast Business modem (NAT is turned off; NAT is done on the PIX), then a Cisco PIX 501, then a 24-port Linksys switch. The business modem is plugged into port 0 (outside) of the PIX and the switch is in port 1 (inside).
The layout is Comcast Business Modem -> PIX -> Switch
IP addressing layout is X.X.X.54 (gateway) Business Modem 192.168.100.1 (internal IP of Business Modem) -> X.X.X.53 (public IP of PIX) PIX 192.168.100.254 (internal IP) -> Linksys 24-port switch
First, is this even possible to do?
Second, if so, how? What am I doing wrong?
If there are any questions, please let me know.
Here is my current config:
Visionary-Pix# show run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password XXXX encrypted
passwd XXXX encrypted
hostname Visionary-Pix
domain-name visionary.local
clock timezone PST -8
clock summer-time PDT recurring
no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inbound permit tcp any host X.X.X.53 eq https
access-list inbound permit tcp any host X.X.X.53 eq pptp
access-list inbound permit tcp any host X.X.X.53 eq smtp
access-list inbound permit tcp any host X.X.X.53 eq www
access-list inbound permit udp any host X.X.X.53 eq 4500
access-list inbound permit tcp any host X.X.X.53 eq 3101
access-list inbound permit tcp any host X.X.X.53 eq 3398
access-list inbound permit tcp any host X.X.X.53 eq 3389
access-list inbound permit tcp any host X.X.X.53 eq 3392
access-list inbound permit tcp any host X.X.X.53 eq 1024
access-list inbound permit tcp any host X.X.X.53 eq 3391
access-list inbound permit tcp any host X.X.X.53 eq 3388
access-list inbound permit udp any host X.X.X.53 eq 3388
pager lines 24
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside X.X.X.53 255.255.255.X
ip address inside 192.168.100.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.100.254 255.255.255.255 inside
pdm location 192.168.100.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.100.51 255.255.255.255 inside
pdm location 192.168.100.5 255.255.255.255 inside
pdm location 192.168.100.104 255.255.255.255 inside
pdm location 192.168.100.163 255.255.255.255 inside
pdm location 192.168.100.193 255.255.255.255 inside
pdm location 192.168.100.171 255.255.255.255 inside
pdm location 192.168.100.176 255.255.255.255 inside
pdm location 0.0.0.0 0.0.0.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp X.X.X.53 3398 192.168.100.104 3398 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 smtp 192.168.100.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 1024 192.168.100.51 1024 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 https 192.168.100.5 https netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 pptp 192.168.100.5 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 255.255.255.255 0 0
static (inside,outside) udp X.X.X.53 4500 192.168.100.5 4500 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 3389 192.168.100.163 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 3392 192.168.100.193 3392 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 3101 192.168.100.5 3101 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 3391 192.168.100.171 3391 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 3388 192.168.100.176 3388 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 X.X.X.54 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 15
console timeout 0
terminal width 80
Cryptochecksum:xxxx
: end
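An added example, not from the post or from Cisco: a small Python audit of a PIX 6.3 running-config excerpt that cross-checks the inbound access-list entries against the static port forwards, reports an access-list that is defined but never bound to an interface with access-group (on PIX 6.x a static alone does not admit inbound connections; the ACL must be applied), and flags the management exposure visible in the posted config (ssh from any outside address, SNMP community "public"). The sample config is a constructed excerpt of the post's own lines with the wrapped statics joined.

```python
import re

# Constructed excerpt of the PIX 6.3 "show run" in the post, with each static
# joined onto one line; X.X.X.53 is the redacted public address from the post.
SAMPLE_CONFIG = """\
access-list inbound permit tcp any host X.X.X.53 eq https
access-list inbound permit tcp any host X.X.X.53 eq www
access-list inbound permit udp any host X.X.X.53 eq 4500
access-list inbound permit tcp any host X.X.X.53 eq 3389
access-list inbound permit udp any host X.X.X.53 eq 3388
static (inside,outside) tcp X.X.X.53 https 192.168.100.5 https netmask 255.255.255.255 0 0
static (inside,outside) udp X.X.X.53 4500 192.168.100.5 4500 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 3389 192.168.100.163 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.X.X.53 3388 192.168.100.176 3388 netmask 255.255.255.255 0 0
ssh 0.0.0.0 0.0.0.0 outside
snmp-server community public
"""

ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host \S+ eq (\S+)$")
STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) \S+ (\S+) (\S+) \S+ netmask")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def audit(config: str) -> dict:
    """Cross-check inbound ACL permits against static port forwards and
    flag management exposure. Returns findings grouped by category."""
    acl_entries = set()    # (acl name, proto, outside port)
    statics = {}           # (proto, outside port) -> inside host
    bound = set()          # ACL names applied with access-group
    exposure = []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            acl_entries.add((m[1], m[2], m[3]))
        elif m := STATIC_RE.match(line):
            statics[(m[1], m[2])] = m[3]
        elif m := GROUP_RE.match(line):
            bound.add(m[1])
        elif line.startswith("ssh 0.0.0.0 0.0.0.0 "):
            exposure.append(f"ssh allowed from any address on {line.split()[-1]}")
        elif line == "snmp-server community public":
            exposure.append("SNMP uses the default community string 'public'")
    # On PIX 6.x an ACL only takes effect once bound to an interface; an inbound
    # ACL that is never applied leaves every static unreachable from outside.
    unbound = sorted({name for name, _, _ in acl_entries} - bound)
    # A permit with no static translation behind it forwards nothing.
    no_static = sorted(f"{p}/{port}" for _, p, port in acl_entries if (p, port) not in statics)
    return {"unbound_acls": unbound, "acl_without_static": no_static,
            "management_exposure": exposure, "forwards": statics}
```

Run `audit(SAMPLE_CONFIG)` to see the unbound "inbound" ACL, the tcp/www and udp/3388 permits with no static behind them, and the two management findings.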