Re: Pix 515E Disabling PAT



On 5/10/2012 10:20 AM, Marco Giuliani wrote:
On 09/05/2012 22:38, RG wrote:

The problem with this is if I am a client behind the firewall, i.e.
192.168.1.132 port 30456, connecting to a server outside of the firewall, i.e.
192.168.5.30 port 5060. I would like that the IP/port appearing to the
server should be the external IP of the firewall, preserving the original
port number, i.e. 192.168.5.1 port 30456.

Now that you explain to me, when configuring exemption, I suppose,
firewall is routing packets.
Yes. You're right.

In that case, the server never had a return
route. I just changed it and it works.

ok.
Is there a way to do this with just NAT and no PAT? Can you use static
statements for outbound connections? If so, how?


static (inside,outside) 192.168.5.132 192.168.1.132

"Static NAT allows bidirectional connection initiation, both to and from
the host (if an access rule exists that allows it). With dynamic NAT and
PAT, on the other hand, each host uses a different address or port for
each subsequent translation, so bidirectional initiation is not supported."

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1094702



On the other hand, every time you map many real addresses (e.g. inside
subnet 192.168.1.0/24) to a single global address (e.g. interface public
address), the PIX firewall does port address translation.

nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

Bye,
marco


This is excellent. Thanks for all your help.
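
Added example (not part of the original thread): a simplified Python model of the two translation types discussed above, using the thread's addresses. The class names and the sequential port allocator starting at 1024 are assumptions for illustration, not PIX internals.

```python
# Simplified model of static NAT vs. PAT; not PIX code.
# Assumption: PAT hands out global ports sequentially from 1024.

class StaticNat:
    """One-to-one: static (inside,outside) 192.168.5.132 192.168.1.132"""
    def __init__(self, mapped_ip, real_ip):
        self.mapped_ip, self.real_ip = mapped_ip, real_ip

    def outbound(self, src_ip, src_port):
        if src_ip != self.real_ip:
            return None
        return (self.mapped_ip, src_port)   # source port is left untouched

    def inbound(self, dst_ip, dst_port):
        # The mapping is permanent, so an outside host can initiate
        # (an access rule is still required; that is not modelled here).
        if dst_ip != self.mapped_ip:
            return None
        return (self.real_ip, dst_port)


class Pat:
    """Many-to-one: nat (inside) 1 ... / global (outside) 1 interface"""
    def __init__(self, global_ip, first_port=1024):
        self.global_ip = global_ip
        self.next_port = first_port
        self.xlate = {}     # (real_ip, real_port) -> global_port
        self.reverse = {}   # global_port -> (real_ip, real_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.xlate:
            # A fresh global port per flow keeps inside hosts that
            # picked the same source port from colliding.
            self.xlate[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return (self.global_ip, self.xlate[key])

    def inbound(self, dst_ip, dst_port):
        # Only a port with an existing xlate maps back to an inside host.
        if dst_ip != self.global_ip:
            return None
        return self.reverse.get(dst_port)
```

In this model two inside hosts that both use source port 30456 would need the same (192.168.5.1, 30456) pair if the port were preserved on a single global address, which is why the many-to-one case rewrites the port and the one-to-one static mapping does not have to.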