Nope, didn't miss the point.  Here's part of a working configuration, with
port redirection.  I'm not discounting that linux or BSD or any other number
of firewalls can do it, I'm just saying I've configured it and it works.

ip address outside 12.5.33.55 255.255.255.240
ip address inside 192.149.110.50 255.255.255.0
ip address dmz 192.168.1.1 255.255.255.0
...
static (dmz,outside) tcp 12.5.33.55 443 192.168.1.2 443 netmask 255.255.255.255 0 0

 -----Original Message-----
From:   David Tran [mailto:[EMAIL PROTECTED]]
Sent:   Wednesday, November 28, 2001 5:46 PM
To:     Don Claybrook; [EMAIL PROTECTED]
Subject:        Re: NAT commands [7:27539]

You are missing the point.  Even if you are using "port mapping", you still
need an additional IP address to redirect traffic to the Win2k.  With linux
or BSD, it is capable of redirecting traffic that hit the external IP address
of the Firewall itself.  Now, this is something the PIX can not do without
using additional external IP.  Even with version 6
----- Original Message -----
From: "Don Claybrook" 
To: 
Sent: Wednesday, November 28, 2001 6:11 PM
Subject: Re: NAT commands [7:27539]


> If that's "why PIX sucks", then take heart.  It sucks no more, as of Version
> 6.0.  Use port mapping.
>
>
> ----- Original Message -----
> From: "David Tran"
> To:
> Sent: Wednesday, November 28, 2001 2:19 PM
> Subject: Re: NAT commands [7:27539]
>
>
> > That's why PIX sucks.  Go with Linux or BSD
> > ----- Original Message -----
> > From: "Rizzo, Damian"
> > To:
> > Sent: Wednesday, November 28, 2001 4:20 PM
> > Subject: RE: NAT commands [7:27539]
> >
> >
> > > I do not think this will work. I had the exact same problem as below, though
> > > I was using a Cable connection. After talking with Cisco it was determined
> > > that the problem was attempting to forward GRE traffic. Since GRE is a
> > > Protocol and not a Port, it is extremely difficult to route and/or forward,
> > > and in the event you are using a PIX firewall, as I found out, it is just
> > > not possible. I actually had to purchase another IP address from my ISP so I
> > > could Static map it and use ACLs to open the GRE protocol. Hope this helps.
> > >
> > >
> > >   -Rizzo
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: NKP [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, November 28, 2001 8:50 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: NAT commands [7:27539]
> > >
> > >
> > > > Hi All
> > > > I have the following scenario.
> > > > I have a Cisco 2600 router which is connected to the ISDN and I have got a
> > > > fixed IP address from my ISP which is assigned to the bri interface; it is
> > > > connecting fine. All the internal addresses are translated on ethernet;
> > > > on my ethernet I have a Windows 2K server.
> > > > I want a remote user to connect to my Win2K server. How should I
> > > > configure my router to send the request for authentication to this Win2K
> > > > server via VPN, as it has a translated IP address? My remote client is on
> > > > Win 98.
> > >
> > > My  present router configs are given below
> > >
> > >  thanks in  advance ,
> > >
> > > Navin Parwal
> > >
> > >
> > >
> > >
> > > Router#
> > > Router#
> > > Router#sh run
> > > Building configuration...
> > >
> > > Current configuration:
> > > !
> > > version 12.0
> > > service timestamps debug uptime
> > > service timestamps log uptime
> > > no service password-encryption
> > > !
> > > hostname Router
> > > !
> > > !
> > > memory-size iomem 10
> > > ip subnet-zero
> > > !
> > > ip dhcp pool local
> > >    network 192.168.1.0 255.255.255.0
> > >    default-router 192.168.1.1
> > >    dns-server 12.10.194.34
> > > !
> > > isdn switch-type basic-net3
> > > !
> > > !
> > > !
> > > !
> > > interface Ethernet0/0
> > >  ip address 192.168.1.1 255.255.255.0
> > >  no ip directed-broadcast
> > >  ip nat inside
> > >  no cdp enable
> > >  no mop enabled
> > > !
> > > interface Serial0/0
> > >  no ip address
> > >  no ip directed-broadcast
> > >  no ip mroute-cache
> > >  shutdown
> > >  no fair-queue
> > >  clockrate 64000
> > > !
> > > interface BRI0/0
> > >  ip address 202.157.70.61 255.255.255.0
> > >  no ip directed-broadcast
> > >  ip nat outside
> > >  encapsulation ppp
> > >  dialer string 226476
> > >  dialer-group 1
> > >  isdn switch-type basic-net3
> > >  no cdp enable
> > >  ppp chap refuse
> > >  ppp pap sent-username jbc password
> > >  hold-queue 75 in
> > > !
> > > ip nat inside source list 10 interface BRI0/0 overload
> > > ip classless
> > > ip route 0.0.0.0 0.0.0.0 BRI0/0
> > > no ip http server
> > > !
> > > access-list 10 permit any
> > > dialer-list 1 protocol ip permit
> > > !
> > > !
> > > line con 0
> > >  transport input none
> > > line aux 0
> > > line vty 0 4
> > >  login
> > > !
> > > no scheduler allocate
> > > end
> > > > This electronic mail transmission contains confidential information intended
> > > > only for the person(s) named.  Any use, distribution, copying, or disclosure
> > > > by any other person is strictly prohibited.  If you received this
> > > > transmission in error, please notify the sender by replying to e-mail and
> > > > destroy message.  Opinions, conclusions, and other information in this
> > > > message that do not relate to the official business of MARAKON ASSOCIATES
> > > > shall be understood to be neither given nor endorsed by the company.  When
> > > > addressed to MARAKON clients, any information contained in this e-mail is
> > > > subject to the terms and conditions in the governing client contract.
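
Added example, not part of the original thread or any poster's configuration: a Python sketch of the "GRE is a protocol and not a port" point quoted above, showing what a translation rule can key on for the PPTP control channel (TCP 1723) versus the PPTP data channel (IP protocol 47). The packets, addresses and function names are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
PPTP_GRE_PROTO = 0x880B  # enhanced GRE carrying PPP (RFC 2637)


def translation_key(packet: bytes):
    """Return the fields a NAT device can key a translation on (IPv4 only)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    payload = packet[ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", payload[:4])
        return {"proto": proto, "src_port": sport, "dst_port": dport}
    if proto == IPPROTO_GRE:
        if len(payload) < 8:
            raise ValueError("truncated GRE header")
        flags_ver, ptype, _plen, call_id = struct.unpack("!HHHH", payload[:8])
        if flags_ver & 0x7 == 1 and ptype == PPTP_GRE_PROTO:
            # No ports here; only the PPTP Call ID tells tunnels apart.
            return {"proto": proto, "call_id": call_id}
    return {"proto": proto}


def matches_port_forward(packet: bytes, proto: int, port: int) -> bool:
    """True if a port-keyed rule (protocol + destination port) can match."""
    key = translation_key(packet)
    return key["proto"] == proto and key.get("dst_port") == port


def _ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed sample header: 203.0.113.9 -> 198.51.100.1, checksum left zero.
    total = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       bytes([203, 0, 113, 9]), bytes([198, 51, 100, 1])) + payload


# Constructed samples: a PPTP control SYN to TCP/1723 and one enhanced-GRE data packet.
PPTP_CONTROL = _ipv4(IPPROTO_TCP, struct.pack("!HHIIBBHHH", 1055, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
PPTP_DATA = _ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 0, 0x4D2, 0))

if __name__ == "__main__":
    for name, pkt in (("control", PPTP_CONTROL), ("data", PPTP_DATA)):
        print(name, translation_key(pkt), matches_port_forward(pkt, IPPROTO_TCP, 1723))
```

The control packet matches a TCP/1723 port rule; the GRE packet exposes no port field at all, so a translation for it has to be keyed on the whole address or on the PPTP Call ID.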




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27621&t=27539