configure cisco PIX 515

By k.podbielniak
Hello all,

I have a basic understanding of Cisco PIX firewalls, and need to make a change, though I'm not sure how/where to do it.

We have a CISCO PIX 515, with 2 machines configured on a DMZ. I have a piece of software installed on a computer behind the firewall (not on the DMZ) that needs to have an external port (from a specific internet IP address) forwarded to it.

Can anyone help me out with the commands I would need to use to accomplish this?

--k

All Answers

Here you go

by NetMan1958 In reply to configure cisco PIX 515

Try something like this:

hostname(config)# access-list TELNET permit tcp host 10.1.1.15 eq telnet 10.1.3.0 255.255.255.0 eq telnet
hostname(config)# static (inside,outside) tcp 10.1.2.14 telnet access-list TELNET

For more info see this Cisco document:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043281

The basic command is

by Dumphrey In reply to configure cisco PIX 515

static (inside,outside) [protocol] [external IP] [protocol] [internal ip] [protocol] netmask 255.255.255.255 (this specifies a specific host) 0 0

So to map https to an internal 192.168.1.12 from an external of 10.10.10.1 (I know it's not routable)

static (inside,outside) tcp 10.10.10.1 https 192.168.1.12 https netmask 255.255.255.255 0 0

Then, on the ACL that is applied to the external interface, incoming (access-list out_in is the PIX default, I think), you would need to create a line like
access-list out_in permit tcp host 12.12.12.1 host 10.10.10.1 eq https
This would allow the machine at 12.12.12.1 (or the machines PAT/NATed behind it) to access the https server at 10.10.10.1.

The PIX command line will help by using the ? after each part of the command to show options.
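An added example, not part of the original thread: a small Python check that reads PIX configuration lines in the form shown in the answer above and reports, for each static port forward, whether the inbound ACL limits it to specific source hosts. The function name audit, the status labels and the sample lines are assumptions made for illustration; the ACL name out_in and the addresses come from the answer.

```python
import re

# Constructed sample config; the first static/ACL pair is the one from the answer.
SAMPLE = """\
static (inside,outside) tcp 10.10.10.1 https 192.168.1.12 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 10.10.10.1 smtp 192.168.1.13 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 10.10.10.1 ftp 192.168.1.14 ftp netmask 255.255.255.255 0 0
access-list out_in permit tcp host 12.12.12.1 host 10.10.10.1 eq https
access-list out_in permit tcp any host 10.10.10.1 eq smtp
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
# An ACL address is "any", "host A.B.C.D" or "network mask".
ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(rf"^access-list (\S+) permit (tcp|udp) {ADDR} {ADDR} eq (\S+)")


def audit(config, acl_name="out_in"):
    """Return (external_ip, port, status, sources) for every static port forward."""
    statics, permits = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append((m.group(3), m.group(4), m.group(5)))
        elif (m := ACL_RE.match(line)) and m.group(1) == acl_name:
            permits.append((m.group(2), m.group(3), m.group(4), m.group(5)))
    findings = []
    for proto, ext_ip, port in statics:
        # Ports are compared literally, so "https" and "443" count as different.
        sources = [src for p, src, dst, dport in permits
                   if p == proto and dst == f"host {ext_ip}" and dport == port]
        if not sources:
            status = "no-permit"    # forward defined, but the ACL never allows it
        elif all(s.startswith("host ") for s in sources):
            status = "restricted"   # only named source hosts may connect
        else:
            status = "open"         # "any" or a whole network may connect
        findings.append((ext_ip, port, status, sources))
    return findings


if __name__ == "__main__":
    for ext_ip, port, status, sources in audit(SAMPLE):
        print(f"{ext_ip}:{port:<6} {status:<10} {', '.join(sources) or '-'}")
```

A forward reported as open is reachable from more than the single internet address the question asks for; one reported as no-permit will not pass traffic until a matching permit line exists.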

thanx, but still confused.

by k.podbielniak In reply to The basic command is

Thanks all that replied. I guess I am confused on the external side, where you have 10.10.10.1. I know this isn't a routable number, but where is this external IP address coming from? Is it one that I make up? Is it the external IP address of the Cisco PIX? Is it our public IP address?

--kevin
