10-05-2005 06:15 PM - edited 02-21-2020 12:26 AM
We want to change these two ports to another number in our PIX 515E. We are using it for incoming and outgoing email. Can someone help in what we would change? Thanks so much!!!
10-05-2005 06:48 PM
Are you changing the port on your mail server as well? If so, then you just need to change your ACL entry to the new port. If, however, you are wanting to 'nat' the port, this is different... Which one are you doing?
10-05-2005 09:33 PM
static (inside,outside) tcp
static (inside,outside) tcp
access-list 100 permit tcp any
access-list 100 permit tcp any
access-group 100 in interface outside
With the sample commands above, the remote user needs to point to TCP port 10000 for SMTP and TCP port 10001 for POP3.
10-05-2005 09:57 PM
Just to follow up on Jack's post...
After applying those statics and ACLs, save with: write mem and then issue: clear xlate, so that the new translations are active.
Jay
10-05-2005 10:05 PM
Just another observation...
On Jack's static for pop3, it should be port 110 rather than port 100 !!!
:o))
10-05-2005 10:20 PM
Thanks for pointing it out, so the sample should be:
static (inside,outside) tcp
static (inside,outside) tcp
access-list 100 permit tcp any
access-list 100 permit tcp any
access-group 100 in interface outside
10-06-2005 04:34 AM
I will try this out! Thanks to you guys for your help!!! I will let ya know how it goes.
10-15-2005 07:28 AM
Just wondering how you go.
10-17-2005 09:38 AM
Hi there!
I am still having problems. What is happening is a machine is spamming out through our PIX. We are being blacklisted by Spamhaus and they have our firewall IP address. We are allowing all outbound traffic out. We want users to get to the Internet. Is there any way to block it or find out from a log file where it may be coming from? ANY suggestions would be appreciated! :)
10-17-2005 02:54 PM
Try this command on the PIX: "sh conn | in :25".
With the command above, the PIX will show all the current connections with port number 25. Then you can observe the number of times an IP address appears, e.g. you may see a particular IP appear 100 times while another appears just 3 or 4 times.
However, this command will not yield any valuable result if the "naughty" host is spamming via the email server. The reason is that, from the PIX's point of view, all email traffic will originate from the email server, not the "naughty" host, so the PIX will not be able to track it down. In that case, you would need some sort of monitoring tool for the email server instead.
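The per-host tally described in the reply above, as an added example that is not part of the original thread: it counts outbound SMTP connections per inside host from saved `show conn` text. The line layout, the sample addresses and the mail server IP 192.168.1.10 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed PIX 6.x "show conn" line layout (not shown in the thread):
#   TCP out <outside-ip>:<port> in <inside-ip>:<port> idle ... Bytes ... flags ...
CONN_RE = re.compile(
    r"^TCP\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)\s+"
    r"in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)\b"
)

# Constructed sample output. Note the last two lines: a plain ":25" text
# filter also matches inbound mail to the server and source port 2511.
SAMPLE = """\
TCP out 203.0.113.10:25 in 192.168.1.10:2201 idle 0:00:03 Bytes 5120 flags UIO
TCP out 198.51.100.7:25 in 192.168.1.57:3391 idle 0:00:01 Bytes 812 flags UIO
TCP out 198.51.100.8:25 in 192.168.1.57:3392 idle 0:00:01 Bytes 790 flags UIO
TCP out 198.51.100.9:25 in 192.168.1.57:3393 idle 0:00:00 Bytes 801 flags UIO
TCP out 203.0.113.44:41250 in 192.168.1.10:25 idle 0:00:09 Bytes 2048 flags UIOB
TCP out 203.0.113.80:80 in 192.168.1.23:2511 idle 0:00:12 Bytes 9911 flags UIO
"""

def outbound_smtp_by_host(show_conn_text):
    """Count connections per inside host whose outside peer port is exactly 25."""
    counts = Counter()
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if m and m["out_port"] == "25":
            counts[m["in_ip"]] += 1
    return counts

def suspects(counts, mail_servers, threshold=1):
    """Inside hosts sending SMTP directly that are not known mail servers."""
    return [(ip, n) for ip, n in counts.most_common()
            if ip not in mail_servers and n >= threshold]

if __name__ == "__main__":
    tally = outbound_smtp_by_host(SAMPLE)
    for ip, n in tally.most_common():
        print(f"{ip:15} {n} outbound SMTP connection(s)")
    # 192.168.1.10 is the assumed (hypothetical) internal mail server.
    print("suspects:", suspects(tally, {"192.168.1.10"}))
```

As the reply notes, a host relaying through the mail server will not show up here; only the server's own address will.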
10-18-2005 04:39 AM
Thanks! I will give that a try and see. Thanks again for all your help! :)