Firewall Wizards mailing list archives

Cisco PIX 501 Help


From: UxBoD <uxbod () splatnix net>
Date: Mon, 6 Aug 2007 20:56:29 +0100 (BST)

Hi,

Have just been given a couple of 501's to set up at work.  Basic configuration has been performed, and that is working 
fine. The question I have is whether there is any way to set up 100+ statics, one to one, port mappings using object 
groups?  My IP setup is as follows :-

outside -> inside -> host
10.7.152.2 -> 10.6.0.200 -> 10.6.0.202

I have an application that uses 30 ports, plus X11, plus remote support via pcAnywhere.  I have created the ACLs using 
object groups, but I don't really fancy setting up individual TCP/UDP static entries.

If I use something like :-

static (inside,outside) interface 10.6.0.202 netmask 255.255.255.255 0 0

Then the outside interface SSH server will not work as all traffic gets mapped through to the inside interface :( 
Obviously we need to support via the outside interface, so is there any way around it?

Could I put the SSH on the inside interface and then do something like :-

static (inside,outside) interface 2222 10.6.0.202 22 netmask 255.255.255.255 0 0

so that we just have to connect to port 2222 instead and that will map it through so we can administer the PIX?

I see on our IOS that we can use an access-list on the static mapping, is this a potential use?

Hope my explanation makes sense?

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod () sip splatnix net

