https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477561#M535307 <HTML><HEAD></HEAD><BODY><P>Hello koshy,</P><P></P><P>I checked the configuration and static and access-list looks fine. Please let me know if you have the following command in the configuration:</P><P></P><P>access-group outside_access_in in interface outside</P><P></P><P>If yes and still the problem persist. Try the following command and test to see if that helps:</P><P></P><P>clear xlate</P><P></P><P>If the problem still occurs. Please send the sh xlate information with the complete configuration file.</P><P></P><P>If you have any questions, please feel free to contact me.</P><P></P><P>Thanks &amp; Regards,</P><P>Harish Tandon</P><P><A href="mailto:harishtandon23@gmail.com">harishtandon23@gmail.com</A></P></BODY></HTML> Sat, 16 Jul 2005 14:42:56 GMT harishtandon23 2005-07-16T14:42:56Z https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477560#M535306 <P>Hello,</P><P></P><P>I am Koshy working with M/s ITI Limited, palakkad. </P><P>I have a problem with Port Address Redirection (PIX 515E)</P><P></P><P>I have configured static translation to a public IP with my internal servers. </P><P>Public IP 210.212.235.147 is to be translated to a.b.c.d for "www" packets.</P><P>Public IP 210.212.235.147 is to be translated to aa.bb.cc.dd for "smtp and pop3 packets.</P><P></P><P>Sadly enough requests destined for smtp as well as pop3 doesn't reach inside my network.</P><P>Below given is the configuration.</P><P></P><P></P><P>Configuration:</P><P></P><P></P><P>I have not configured NAT </P><P></P><P></P><P>pixfirewall(config)# sh access-list outside_access_in</P><P>access-list outside_access_in; 3 elements</P><P>access-list outside_access_in line 1 permit tcp any host 210.212.235.147 eq pop3 (hitcnt=0)</P><P>access-list outside_access_in line 2 permit tcp any host 210.212.235.147 eq smtp (hitcnt=0)</P><P>access-list outside_access_in line 3 permit tcp any host 210.212.235.147 eq www (hitcnt=4)</P><P>pixfirewall(config)#</P><P></P><P>pixfirewall(config)# sh static</P><P>static (inside,outside) tcp 210.212.235.147 smtp 10.75.200.3 smtp netmask 255.255.255.255 0 0</P><P>static (inside,outside) tcp 210.212.235.147 pop3 10.75.200.3 pop3 netmask 255.255.255.255 0 0</P><P>static (inside,outside) tcp 210.212.235.147 www 10.75.200.2 www netmask 255.255.255.255 0 0 </P><P></P><P></P><P></P><P>Please help me solve the problem</P><P></P><P></P> Fri, 21 Feb 2020 08:16:31 GMT https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477560#M535306 koshy 2020-02-21T08:16:31Z https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477561#M535307 <HTML><HEAD></HEAD><BODY><P>Hello koshy,</P><P></P><P>I checked the configuration and static and access-list looks fine. Please let me know if you have the following command in the configuration:</P><P></P><P>access-group outside_access_in in interface outside</P><P></P><P>If yes and still the problem persist. Try the following command and test to see if that helps:</P><P></P><P>clear xlate</P><P></P><P>If the problem still occurs. Please send the sh xlate information with the complete configuration file.</P><P></P><P>If you have any questions, please feel free to contact me.</P><P></P><P>Thanks &amp; Regards,</P><P>Harish Tandon</P><P><A href="mailto:harishtandon23@gmail.com">harishtandon23@gmail.com</A></P></BODY></HTML> Sat, 16 Jul 2005 14:42:56 GMT https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477561#M535307 harishtandon23 2005-07-16T14:42:56Z https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477562#M535309 <HTML><HEAD></HEAD><BODY><P>Hello Harish,</P><P></P><P>Below given is the configuration.</P><P></P><P>pixfirewall(config)# sh run</P><P>: Saved</P><P>:</P><P>PIX Version 6.3(4)</P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>fixup protocol dns maximum-length 512</P><P>fixup protocol ftp 21</P><P>fixup protocol h323 h225 1720</P><P>fixup protocol h323 ras 1718-1719</P><P>fixup protocol http 80</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol sip 5060</P><P>fixup protocol sip udp 5060</P><P>fixup protocol skinny 2000</P><P>fixup protocol smtp 25</P><P>fixup protocol sqlnet 1521</P><P>fixup protocol tftp 69</P><P>names</P><P>access-list acl-in permit tcp any host 210.212.235.147 eq www</P><P>access-list acl-in permit tcp any host 210.212.235.148 eq smtp</P><P>access-list acl-in permit tcp any host 210.212.235.148 eq pop3</P><P>pager lines 1000</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>ip address outside 210.212.235.146 255.255.255.248</P><P>ip address inside 10.75.200.1 255.255.0.0</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>pdm logging informational 100</P><P>pdm history enable</P><P>arp timeout 14400</P><P>static (inside,outside) tcp 210.212.235.147 www 10.75.200.2 www netmask 255.255.</P><P>255.255 0 0</P><P>static (inside,outside) tcp 210.212.235.147 smtp 10.75.200.3 smtp netmask 255.25</P><P>5.255.255 0 0</P><P>static (inside,outside) 210.212.235.148 10.75.200.3 netmask 255.255.255.255 0 0</P><P>access-group acl-in in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 210.212.235.145 1</P><P>timeout xlate 3:00:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00</P><P>timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server TACACS+ max-failed-attempts 3</P><P>aaa-server TACACS+ deadtime 10</P><P>aaa-server RADIUS protocol radius</P><P>aaa-server RADIUS max-failed-attempts 3</P><P>aaa-server RADIUS deadtime 10</P><P>aaa-server LOCAL protocol local</P><P>http server enable</P><P>http 10.75.200.11 255.255.255.255 inside</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server community public</P><P>no snmp-server enable traps</P><P>floodguard enable</P><P>telnet 10.75.200.2 255.255.255.255 inside</P><P>telnet 10.75.200.11 255.255.255.255 inside</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>console timeout 0</P><P>dhcpd lease 3600</P><P>dhcpd ping_timeout 750</P><P>terminal width 80</P><P>Cryptochecksum:xxx</P><P>: end</P><P>pixfirewall(config)#</P></BODY></HTML> Tue, 19 Jul 2005 08:47:45 GMT https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477562#M535309 koshy 2005-07-19T08:47:45Z https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477563#M535311 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have just connected to your public IPs i.e.</P><P></P><P>210.212.235.147 connected to port 80 (www), 210.212.235.148 connected to port 110 (pop3),</P><P>210.212.235.148 connected to port 25 (smtp)</P><P></P><P>So, your outside ACL should be:</P><P></P><P>access-list acl-in permit tcp any host 210.212.235.147 eq www </P><P>access-list acl-in permit tcp any host 210.212.235.148 eq smtp </P><P>access-list acl-in permit tcp any host 210.212.235.148 eq pop3 </P><P>access-group acl-in in interface outside</P><P></P><P>Your static should be:</P><P></P><P>static (inside,outside) tcp 210.212.235.148 smtp 10.75.200.3 smtp netmask 255.255.255.255 0 0</P><P>static (inside,outside) tcp 210.212.235.148 pop3 10.75.200.3 pop3 netmask 255.255.255.255 0 0</P><P>static (inside,outside) tcp 210.212.235.147 www 10.75.200.2 www netmask 255.255.255.255 0 0</P><P></P><P>Now save with: write mem and also isssue: clear xlate</P><P></P><P>Let me know if this helps and please rate post if it does.</P><P></P><P>Jay</P></BODY></HTML> Tue, 19 Jul 2005 10:28:42 GMT https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477563#M535311 jmia 2005-07-19T10:28:42Z https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477564#M535314 <HTML><HEAD></HEAD><BODY><P>Hi, again..</P><P></P><P>also notice that your public IP 210.212.235.148 answers to telnet on port 80, so, is your inside www server IP = 10.75.200.3 (Public IP: 210.212.235.148) OR is it 10.75.200.2 (Public IP 210.212.235.147)</P><P></P><P>Which IP is it???</P><P></P><P>Jay</P></BODY></HTML> Tue, 19 Jul 2005 10:38:14 GMT https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477564#M535314 jmia 2005-07-19T10:38:14Z https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477565#M535317 <HTML><HEAD></HEAD><BODY><P>Hello JMIA</P><P></P><P>There was some errors in the cofig I sent.</P><P></P><P>Configuration I need to work is </P><P></P><P>access-list acl-in permit tcp any host 210.212.235.147 eq www </P><P>access-list acl-in permit tcp any host 210.212.235.147 eq smtp </P><P>access-list acl-in permit tcp any host 210.212.235.147 eq pop3 </P><P>access-group acl-in in interface outside </P><P></P><P></P><P></P><P>static (inside,outside) tcp 210.212.235.147 www 10.75.200.2 www netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp 210.212.235.147 smtp 10.75.200.3 smtp netmask 255.255.255.255 0 0 </P><P>static (inside,outside) tcp 210.212.235.147 pop3 10.75.200.3 pop3 netmask 255.255.255.255 0 0 </P><P></P><P>Sorry 4 the error. </P><P></P><P>Kindly help.</P><P></P><P></P></BODY></HTML> Wed, 20 Jul 2005 05:35:08 GMT https://community.cisco.com/t5/network-security/port-address-redirection-pix-515e/m-p/477565#M535317 koshy 2005-07-20T05:35:08Z