Re: pix port mapping

From: firstie (secondie@gmail.com)
Date: Mon May 08 2006 - 00:46:14 ART

• Next message: johngibson1541@yahoo.com: "Re: iBGP doesn't peer if the only route is 0.0.0.0 ?"
• Previous message: Michy Eika: "Re: NTP authentication is affected by source interface?[2]"
• Maybe in reply to: Vishal Patel: "pix port mapping"
• Next in thread: Vishal Patel: "RE: pix port mapping"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I assume this is about what you are trying to do ...

R2---Outside- PIX ---inside--- R1

R2 telnets to R1 on port 2323 and R1 receives the telnet on port 23.
With version 6.3(4) it works for me. I labbed it up quickly and
results are as below.

HTH
-firstie

R2:
interface FastEthernet0/0
 ip address 137.1.2.2 255.255.255.0
 !
ip route 0.0.0.0 0.0.0.0 137.1.2.20
!
End

PIX:
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 100 permit tcp host 137.1.2.2 host 137.1.2.100 eq 2323
logging on
logging console debugging
ip address outside 137.1.2.20 255.255.255.0
ip address inside 137.1.1.20 255.255.255.0
static (inside,outside) tcp 137.1.2.100 2323 137.1.1.1 telnet netmask
255.255.255.255 0 0
access-group 100 in interface outside

R1:

interface FastEthernet0/0
ip address 137.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 137.1.1.20

FROM R2 I telnet to R1 on port 2323 that gets translated to 23 after
static command takes care of it

R2 shows ....

Router2#telnet 137.1.2.100 2323
Trying 137.1.2.100, 2323 ... Open
User Access Verification
Password:
Router1>q
[Connection to 137.1.2.100 closed by foreign host]
Router2#

PIX shows ....
 305011: Built static TCP translation from inside:137.1.1.1/23 to
outside:137.1.2.100/2323
302013: Built inbound TCP connection 1 for outside:137.1.2.2/12017
(137.1.2.2/12017) to inside:137.1.1.1/23 (137.1.2.100/2323)
302014: Teardown TCP connection 1 for outside:137.1.2.2/12017 to
inside:137.1.1.1/23 duration 0:00:15 bytes 97 TCP FINs
305012: Teardown static TCP translation from inside:137.1.1.1/23 to
outside:137.1.2.100/2323 duration 0:00:31

Vishal Patel wrote:
> Hi,
>
> A quick question ..
>
> Has one tried to map a different tcp port on the inside ip address to a
> different tcp port on the outside IP address.
>
> Iam trying to map tcp port 8025 inside to tcp 25 outside..
>
> PIX 6.2 (4) takes this command...but the stuff doesn't work..
>
> any ideas ??
>
> Cheers
>
> Vishal
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: johngibson1541@yahoo.com: "Re: iBGP doesn't peer if the only route is 0.0.0.0 ?"
• Previous message: Michy Eika: "Re: NTP authentication is affected by source interface?[2]"
• Maybe in reply to: Vishal Patel: "pix port mapping"
• Next in thread: Vishal Patel: "RE: pix port mapping"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART