https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225639#M586470 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>is the 'external_IP' you use in the static command the same address as the outside interface of the PIX?</P><P></P><P>Try using this static command instead of the one you use:</P><P></P><P>'static (inside,outside) tcp interface smtp (internal_IP) smtp netmask 255.255.255.255'</P><P></P><P>Try to configure log if it is still not worken. The log message should tell you more what is going wrong.</P><P>To enable logging to a syslog server:</P><P></P><P>'logging on'</P><P>'logging host inside ip-address-syslog-server'</P><P>'logging trap debug'</P><P></P><P>Kind Regards,</P><P>Tom</P><P></P><P></P></BODY></HTML> Thu, 18 Dec 2003 19:54:28 GMT tvanginneken 2003-12-18T19:54:28Z https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225638#M586469 <P>I've read several related posts, but I can't quite figure out what I am doing wrong. This is my first time configuring a PIX.</P><P></P><P>PIX 501 version 6.3(1) </P><P></P><P>I'm trying to allow inbound SMTP traffic to an internal mail server. We have only a single IP address, which is bound to the outside interface of the PIX. Obviously, I want inside users to still be able to NAT out.</P><P></P><P>The commands I *think* I need are these:</P><P></P><P>access-list outside permit tcp any interface outside eq smtp</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>static (inside,outside) tcp (external_IP) smtp (internal_IP) smtp netmask 255.255.255.255 0 0</P><P></P><P>access-group outside in interface outside</P><P></P><P></P><P>with this configuration I cannot connect (from outside) to port 25 on the internal server.</P><P></P><P>what am I missing?</P><P></P><P>Thanks in advance!</P><P></P><P></P><P></P> Fri, 21 Feb 2020 07:09:51 GMT https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225638#M586469 macintirem 2020-02-21T07:09:51Z https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225639#M586470 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>is the 'external_IP' you use in the static command the same address as the outside interface of the PIX?</P><P></P><P>Try using this static command instead of the one you use:</P><P></P><P>'static (inside,outside) tcp interface smtp (internal_IP) smtp netmask 255.255.255.255'</P><P></P><P>Try to configure log if it is still not worken. The log message should tell you more what is going wrong.</P><P>To enable logging to a syslog server:</P><P></P><P>'logging on'</P><P>'logging host inside ip-address-syslog-server'</P><P>'logging trap debug'</P><P></P><P>Kind Regards,</P><P>Tom</P><P></P><P></P></BODY></HTML> Thu, 18 Dec 2003 19:54:28 GMT https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225639#M586470 tvanginneken 2003-12-18T19:54:28Z https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225640#M586471 <HTML><HEAD></HEAD><BODY><P>Your config should look like this:</P><P></P><P>access-list inbound permit tcp any host <EX ip=""> eq smtp</EX></P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>static (inside,outside) tcp <EX ip=""> smtp <IN ip=""> smtp netmask 255.255.255.255 0 0</IN></EX></P><P>access-group inbound in interface outside</P><P></P><P></P><P>So most of your config is correct with exception to your access-list.</P></BODY></HTML> Fri, 19 Dec 2003 16:15:07 GMT https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225640#M586471 jhaggett 2003-12-19T16:15:07Z https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225641#M586472 <HTML><HEAD></HEAD><BODY><P>I have the same problem with all of your suggestions in the config and it still doesn't work for version 6.2(2). Any ideas?</P></BODY></HTML> Mon, 29 Dec 2003 20:36:14 GMT https://community.cisco.com/t5/network-security/pix-501-static-pat-configuration/m-p/225641#M586472 sbosen67 2003-12-29T20:36:14Z