Re: PIX Version 6.3(4) "interface" vs IP adress
- From: John Smith <jsmith@xxxxxxxxxxxxxx>
- Date: Mon, 23 Jan 2006 09:45:42 -0500
On Mon, 23 Jan 2006 09:21:49 +0100, mak@xxxxxxxxxx wrote:
> hi, i have a general question:
> I am trying to open udp port 5060 on a cisco PIX Version 6.3(4)
> let's say the public address is 12.34.56.78, I have a pool from my provider (12.34.56.72/29) and the server that needs
> to be reached from the outside is 192.168.1.10.
>
> what's the difference of binding the port/protocoll to "interface"
>
> static (inside, outside) udp interface 80 192.168.1.10 5060 netmask 255.255.255.255
> access-list traffic_in permit udp any interface outside eq 5060
>
> as opposed to an addresss out of my pool.
>
> static (inside,outside) udp 12.34.56.73 5060 192.168.1.10 5060 netmask 255.255.255.255 0 0
> access-list traffic_in permit udp any host 12.34.56.73 eq 5060
>
> what would you recommend how to do this.
>
> any help appreciated,
> mak
with the following statement:
static (inside,outside)udp interface 5060 192.168.1.10 5060 netmask
255.255.255.255
....you use your pix outside interface as the IP that external hosts will
connect to for this particular UDP port only. This is usually used where a
small business only has one IP from the ISP (that being the
external/outside interface IP).
Since you have 5 or 6 other IP's to use, if you want to use them for a
static NAT for this host, you could do that. It's mostly a personal
prefernce.
.
- References:
- PIX Version 6.3(4) "interface" vs IP adress
- From: mak@xxxxxxxxxx
- PIX Version 6.3(4) "interface" vs IP adress
- Prev by Date: Re: How to reboot 2612
- Next by Date: How to tell 3845 hardware rev?
- Previous by thread: PIX Version 6.3(4) "interface" vs IP adress
- Next by thread: Re: PIX Version 6.3(4) "interface" vs IP adress
- Index(es):
Relevant Pages
|
