I would agree in their suggestion to use ACL's instead of conduits. What you want to look up is actually called port redirection.
John Kaberna CCIE #7146 (R/S, Security) ""Ole Drews Jensen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You can use the single IP address on your outside interface without a > problem. > > If your outside address is 200.200.200.200 and you have a mail server on > your inside 10.1.1.1 and a telnet server on your inside 10.2.2.2, you can do > this: > > static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp > static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet > > conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any > conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any > > Hth, > > Ole > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Ole Drews Jensen > Systems Network Manager > CCNP, MCSE, MCP+I > RWR Enterprises, Inc. > [EMAIL PROTECTED] > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > http://www.RouterChief.com > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Need a Job? > http://www.OleDrews.com/job > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > > -----Original Message----- > From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 02, 2002 8:29 AM > To: [EMAIL PROTECTED] > Subject: Re: Pix static mappings to the inside [7:50500] > > > I not sure what code your using, but Cisco recommend using Access-lists > instead of conduit statements. Just create a typical cisco access-list > (except don't invert your masks) and apply it inbound to the outside > interface and you will get the same result as your conduits!! > > C > ----- Original Message ----- > From: "Elijah Savage III" > To: > Sent: Friday, August 02, 2002 4:23 AM > Subject: Pix static mappings to the inside [7:50500] > > > > I have my pix 501 firewall working but I have yet to be able to get > > static mapping working. I try this > > > > Static "outside ip address" "inside ip address" > > > > Conduit permit tcp outside ip inside ip eq 25 any > > > > > > > > When I issue these commands I can get mail into my mail server behind > > the pix but it breaks my nat. I have read that it is not good to use > > your outside global ip address for static mapping but if you only have 1 > > static ip address how else can you do it. > > > > > > > > With me only having one static ip will this work? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50551&t=50500 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
