Portforward with pat

[Glitchen]

Posted by: elovelace256
Oct 31, 2007, 11:57am PST


I have a 501 at a branch office that I need to port forward www, ftp and rdp to 3 diffrent hosts.
The outside interface is dhcp
and the inside is 10.50.1.3
the network is 10.50.1.0/24

Below is what I thought would work but it is not portforwarding. Can anyone tell me where I have went wrong?

Thanks!

10.50.1.10 is an inside host
63.200.204.45 is a host on the outside that I want to allow to 3389

access-list outside_in permit tcp any host 10.50.1.10 eq 80
access-list outside_in permit tcp any host 10.50.1.10 eq 3389
access-group outside_in in interface outside
static (inside,outside) tcp 63.200.204.45 80 10.50.1.10 443 netmask 255.255.255.255
static (inside,outside) tcp 63.200.204.45 3389 10.50.1.10 443 netmask 255.255.255.255

 

[octavian10]

Use your public address in your access list, the pix checks acls before it performs translation.
ie access-list outside_in permit tcp any host 63.200.204.45 eq 80

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)

 

[octavian10]

Sorry I thought 63.200.204.45 was a public address you own, I dont think I read your question correctly.
Newer PIX's have the ability to perform Port Redirection, this allows you to access diffrent internal machines with one public address and diffrent port numbers. With this feature your config should look like this,
static (inside,outside) tcp interface 10.50.1.10 80
static (inside,outside) tcp interface 10.50.1.11 23
static (inside,outside) tcp interface 10.50.1.12 3389

The interface parameter causes the pix to perform translation on what ever address is assigned to the outside interface.

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)