Re: Cisco PIX 501


comp.security.firewalls archive


From: Simon <si.usenet@gmail.com>
Date: Wed Sep 14 2005 - 19:53:05 CEST

On Wed, 14 Sep 2005 11:51:38 -0500, Shadus <shadus@shadus.org> wrote:

>I'm presently trying to set up a Cisco PIX 501 to forward a range of
>ports to a host on the inside.
>
>192.168.100.200 needs to have several ports forwarded along to it.
>I've tried a couple different methods but every time it comes back
>to setting a static up for each individual port... for obvious
>reasons when dealing with ~120 ports this sucks. When I only needed 10
>ports I just set up static (outside, inside) 6881 192.168.100.200 6881
>netmask 255.255.255.255 0 0... can't get it to work with a range or
>object-group though... but I may be doing something wrong.
>
>Any ideas? Here's the current config (It currently has some remnants of
>me trying to get the portrange forwarded.)
>
>The basics are: I need ports 6881-6999, 6112, 3724 forwarded to
>192.168.100.200 and I don't want to do ~120 lines of static port mappings
>
SNIP
>Ideas? Suggestions?

access-list inside_acl permit tcp 192.168.100.200 255.255.255.0 host xxx.xxx.xxx.xxx range 6881 6999

access-list inside_acl permit tcp 192.168.100.200 255.255.255.0 host xxx.xxx.xxx.xxx eq 6112

access-list inside_acl permit tcp 192.168.100.200 255.255.255.0 host xxx.xxx.xxx.xxx eq 3724

Then set a static route to 192.168.100.200 from whatever public IP
address you have assigned.

Is this what you're looking for?

-- 
Si
-- 
Simon
Received on Thu Sep 29 20:07:41 2005