Re: [c-nsp] can you port forward to a non connected subnet?

Fri, 31 Jul 2009 11:57:26 -0700 

Hi,

That works fine.  You just need to enable routing to that remote subnet to the 
local SVI on the switch.

-ryan

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados
Sent: Friday, July 31, 2009 2:48 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] can you port forward to a non connected subnet?

Hi, I have a question RE port forwarding.

BACKGROUND

We have a pix with two interfaces.  One public interface has a static 
outside of 206.x.x.77 and we have an internal interface with an interface IP 
of 10.18.7.254.  On the inside interface we attach a core switch with lots 
of VLANs with different subnets attached and routing enabled in the switch. 
The default route on the core is set to point at 10.18.7.254 and nat is 
enabled.  One of these VLANS has a subnet of 10.18.4.128/26 which hosts some 
servers.  The servers are obviously not directly connected to the segment 
where the Pix is attached but they can route out to the Internet via the pix 
and reach 10.18.7.254 with out issue.  My question is can you map a port 
from the outside to one of the 10.18.4.128/26 servers through the core or 
does that server have to be a member of the 10.18.7.225/27 subnet where the 
pix is directly connected?  Would something like the following work?

static (inside,outside) 206.x.x.77 10.18.4.142 netmask 255.255.255.255 0 0

and the ACL
access-list acl-outside permit ip any 206.x.x.77 eq 80


If this will work, does anything special need to be configured or will this 
not work at all?  Also, if this does work is there anything particularly bad 
or bad form about this type of arrangement?  Any pointers would be 
appreciated.

Thank you
Scott

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to