[c-nsp] PIX 513E - Multiple ports within static command
Jens Bach Jacobsen
jensb82 at gmail.com
Wed Feb 28 05:08:25 EST 2007
you cannot make a
static range
:(
the only way is to map all ports to the server... and have another public ip
for the other server.
sorry
Regards
jens bach
2007/2/28, Paul - Talk Talk <paul.stainton at talktalk.net>:
>
> Hi,
>
>
>
> I am trying to route SIP through our PIX513E
>
>
>
> The goal is to..
>
>
>
> 1) allow incoming traffic on port 5060 to one LAN address e.g.
> 192.168.10.20
>
> 2) allow incoming traffic on ports 6000 - 6999 to another LAN
> address
> e.g. 192.168.10.30
>
>
>
> using..
>
>
>
> access-list internet permit udp any host XX.XXX.XX.240 eq 5060
>
> (inside,outside) udp XX.XXX.XX.240 5060 192.168.10.20 5060 netmask
> 255.255.255.255 0 0
>
>
>
> Works for part 1
>
>
>
>
>
>
>
> But part 2 is more difficult as
>
>
>
> access-list internet permit udp any host XX.XXX.XX.240 range 6000 6999 -
> is
> OK
>
>
>
> But how do you route this to 192.168.10.30 ports 6000 6999
>
> without 999 single entries?
>
>
>
> Regards to all
>
>
>
> Paul Stainton
>
>
>
>
> _____
>
> << ella for Spam Control >> has removed 158 Spam messages and set aside 0
> Newsletters for me
> You can use it too - and it's FREE! www.ellaforspam.com
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
Med venlig hilsen
Jens Bach Jacobsen
More information about the cisco-nsp
mailing list