Re: RE: Cisco PIX query

[ADSL-Nerd <adslnerd () pacific net sg>]

Hi Paul,

Thanks for your advice, it worked!

Cheers!
James


> From: "Melson, Paul" <PMelson () sequoianet com>
> Date: Mon 23/02/2004 9:48 PM GMT+08:00
> To: "ADSL-Nerd" <adslnerd () pacific net sg>, 
>       <firewall-wizards () honor icsalabs com>
> Subject: RE: [fw-wiz] Cisco PIX query
>
> > -----Original Message-----
> > Is it possible to perform NAT/PAT as seen below: (If there's 
> > such commands)
> >
> > static (inside,outside) 203.82.170.93 TCP 443 102.165.2.9 TCP 
> > 443 netmask 255.255.255.255 0 0 static (inside,outside) 
> > 203.82.170.91 TCP 25 102.165.2.9 TCP 25 netmask 255.255.255.255 0 0
> >
> > Any other ways to do this in PIX?
>
> You're on the right track.  PAT port redirection is the only way I know of to get what you're asking for from a PIX.  
> The syntax for the rules above would look like this:
>
> static (inside,outside) tcp 203.82.170.93 https 102.165.2.9 https netmask 255.255.255.255 0 0
> static (inside,outside) tcp 203.82.170.91 smtp 102.165.2.9 smtp netmask 255.255.255.255 0 0
>
> Because you are doing this from the outside in, you will need complimentary access-list commands to allow the 
> traffic.  You will also want to be sure that the outside addresses aren't also used in a global pool, another static 
> that doesn't use specific ports, or the address of the outside interface.  (You can use the outside interface 
> address, just replace '203.82.170.93' with 'interface' in the static rule(s).)
>
> PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards