From: Ozgur Guler (gulerozgur@yahoo.co.uk)
Date: Mon May 08 2006 - 18:01:37 ART
Hi Vishal,
Check your outside access-list and in case that ip has a prior mapping do a
specific clear xlate. Can you see the mapping on show xlate output?
HTH
Ozgur Guler, CCIE #13237
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Vishal Patel
Sent: Monday, May 08, 2006 5:21 AM
To: 'Cisco certification'
Subject: RE: pix port mapping
Hi,
Iam trying the do something similar.
Wanna map port 8025 of a pc to port 25 for outside world.
I have used the same command you mention , but didn't worked.
May be some issue with the pix version.
I can't do much about it right now, coz it is a production pix.
I don't have a spare pix to test such setup and play around.
Cheers
Vishal
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
firstie
Sent: Monday, 8 May 2006 1:46 PM
To: Vishal Patel
Cc: 'Cisco certification'
Subject: Re: pix port mapping
I assume this is about what you are trying to do ...
R2---Outside- PIX ---inside--- R1
R2 telnets to R1 on port 2323 and R1 receives the telnet on port 23.
With version 6.3(4) it works for me. I labbed it up quickly and results
are as below.
HTH
-firstie
R2:
interface FastEthernet0/0
ip address 137.1.2.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 137.1.2.20
!
End
PIX:
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 100 permit tcp host 137.1.2.2 host 137.1.2.100 eq 2323 logging
on logging console debugging ip address outside 137.1.2.20 255.255.255.0 ip
address inside 137.1.1.20 255.255.255.0 static (inside,outside) tcp
137.1.2.100 2323 137.1.1.1 telnet netmask
255.255.255.255 0 0
access-group 100 in interface outside
R1:
interface FastEthernet0/0
ip address 137.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 137.1.1.20
FROM R2 I telnet to R1 on port 2323 that gets translated to 23 after static
command takes care of it
R2 shows ....
Router2#telnet 137.1.2.100 2323
Trying 137.1.2.100, 2323 ... Open
User Access Verification
Password:
Router1>q
[Connection to 137.1.2.100 closed by foreign host] Router2#
PIX shows ....
305011: Built static TCP translation from inside:137.1.1.1/23 to
outside:137.1.2.100/2323
302013: Built inbound TCP connection 1 for outside:137.1.2.2/12017
(137.1.2.2/12017) to inside:137.1.1.1/23 (137.1.2.100/2323)
302014: Teardown TCP connection 1 for outside:137.1.2.2/12017 to
inside:137.1.1.1/23 duration 0:00:15 bytes 97 TCP FINs
305012: Teardown static TCP translation from inside:137.1.1.1/23 to
outside:137.1.2.100/2323 duration 0:00:31
Vishal Patel wrote:
> Hi,
>
> A quick question ..
>
> Has one tried to map a different tcp port on the inside ip address to
> a different tcp port on the outside IP address.
>
> Iam trying to map tcp port 8025 inside to tcp 25 outside..
>
> PIX 6.2 (4) takes this command...but the stuff doesn't work..
>
> any ideas ??
>
> Cheers
>
> Vishal
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART