Help needed with PIX static map

[Michiel Steltman]

I am afraid I need some help

I have no experience with the Cisco Pix. Now I have to create a
static mapping for an outside IP address to an inside IP address. How would
I do that? Also, how do you configure which protocols to allow and/or deny?
Any good pointers appreciated.

Thanks,

________________________________________________
Jan Post
http://www.siennax.com in...@siennax.com

[Jimmy Liaw]

Hi Michiel,

The syntax for static mapping is
static <global ip> <private ip>

The syntax for creating "holes" in the "firewall" is
conduit <global ip> <port> <protocol> <allowed ip>

e.g.
SMTP translation with private ip 10.1.1.5, global ip 192.200.2.5 and allow
only SMTP (port 25)
UNIX host translation with private ip 10.1.1.6, global ip 192.200.2.6 and
allow only telnet from 192.100.100.0 network

static 192.200.2.5 10.1.1.5 <- static mapping for SMTP
static 192.200.2.6 10.1.1.6 <- static mapping for UNIX host
conduit 192.200.2.5 25 tcp 0 0
conduit 192.200.2.6 23 tcp 192.100.100.0 255.255.255.0

First 2 statement establish a static mapping (you may want to use global
address outside your pooled address). The last 2 statement create "holes"
in the "firewall" that allow tcp and the specific port to enter your private
network. The 0 0 in the 3rd statement is short for 0.0.0.0 0.0.0.0
(everywhere).

I hope this helps.

Regards
Jimmy Liaw

Michiel Steltman <Michiel....@disway.nl> wrote in message
news:7gvnnd$lru$1...@news.telekabel.nl...

Michiel Steltman <Michiel....@disway.nl> wrote in message
news:7gvnnd$lru$1...@news.telekabel.nl...