Pix 501 v 6.3 outgoing port translation setup

actinc-it
Level 1

I have a pix 501 firewall running version 6.3 at our hosting provider. Our hosting provider blocks outgoing port 25 to any servers other than their relay servers. I now have a need to use our own gateway server outside of their network. Their tech support let me know that if I could configure our outgoing mail to use a different port, we could point it wherever we want.

The problem is that the mail server software we are currently using does not allow specifying a port for a gateway server. Upgrading the software is not really an option, as we are transitioning away from that now.

I have heard of some utilities that can be installed on the server to do port redirects but I am not sure if you can specify incoming or outgoing. So that option is out.

So what I want to do is configure port translation on the firewall. I would want to make a rule that would take all outgoing traffic from the internal network interface on port 25 and then map it to another port like 1000 for example.

I've done some digging and have only been able to find manuals for later versions of the PIX software. I'm sure this should be a fairly simple operation, if this feature is even available in our software version. If anyone has any ideas of what steps I should take to implement this, or where I should look for information, please let me know.

Thanks in advance for any help provided, and please ask for any additional information if needed.

3 Replies

Hi Andrew,

I'm not sure if it's what you need:

static (in,out) tcp 1.1.1.1 1000 2.2.2.2 25

The above will translate incoming traffic that is received by the PIX on IP 1.1.1.1 TCP port 1000 to internal 2.2.2.2 on port 25.

But since the rule is bidirectional... it means that outgoing traffic from source 2.2.2.2 on port 25 will be translated to 1.1.1.1 on port 1000.

What do you think?

Federico.

Well, that would almost work, but it would break the incoming mail part.

What I want to do is only have outgoing traffic on port 25 translated to a different port.

I would still want to be able to have incoming traffic on port 25 stay on port 25.

Hopefully this is possible.

Thanks for the quick reply.

Andrew,

I have not tried it (just thinking it might work):

access-list PAT permit tcp host 1.1.1.1 eq 25 any
static (in,out) tcp 2.2.2.2 1000 access-list PAT

The idea is that when host 1.1.1.1 creates an outbound TCP connection using source port 25 to any destination, it will get PATed to 2.2.2.2 on port 1000.

Federico.
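The two static forms quoted in this thread (the plain port map in Federico's first reply and the access-list driven one in his second), run through a small Python model added here as an illustration. This is not code from the thread or from Cisco, and it is a deliberate simplification of PIX 6.3 xlate handling: it models only `static (in,out) tcp <global_ip> <global_port> <local_ip> <local_port>` and `static (in,out) tcp <global_ip> <global_port> access-list <name>`, ignoring nat/global pairs, xlate ordering and established-session state. The addresses 1.1.1.1 and 2.2.2.2 are the thread's own placeholders; 5.5.5.5, 6.6.6.6 and the ports 40000/50000 are constructed sample values.

```python
"""Model of the PIX 6.3 `static` forms quoted in the thread (added example).

Simplification, not PIX code: only the plain port static and the
access-list (policy) static are modelled; nat/global, xlate ordering and
session state are ignored. 5.5.5.5, 6.6.6.6, 40000 and 50000 are constructed.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class AclEntry:
    name: str
    src_ip: Optional[str]      # None means "any"
    src_port: Optional[int]    # None means any source port
    dst_ip: Optional[str]
    dst_port: Optional[int]

    def matches(self, f: Flow) -> bool:
        return ((self.src_ip is None or f.src_ip == self.src_ip)
                and (self.src_port is None or f.src_port == self.src_port)
                and (self.dst_ip is None or f.dst_ip == self.dst_ip)
                and (self.dst_port is None or f.dst_port == self.dst_port))


def parse_acl(line: str) -> AclEntry:
    """Parse `access-list NAME permit tcp <src> [eq P] <dst> [eq P]`.

    In Cisco ACL syntax an `eq` that follows the source address is a
    *source* port test, which is what decides the matches below.
    """
    t = line.split()
    if t[:1] != ["access-list"] or t[2:4] != ["permit", "tcp"]:
        raise ValueError("only 'access-list NAME permit tcp ...' is modelled")

    def addr(i: int):
        ip = None if t[i] == "any" else t[i + 1]   # 'any' or 'host <ip>'
        i += 1 if t[i] == "any" else 2
        port = None
        if i < len(t) and t[i] == "eq":
            port, i = int(t[i + 1]), i + 2
        return ip, port, i

    src_ip, src_port, i = addr(4)
    dst_ip, dst_port, _ = addr(i)
    return AclEntry(t[1], src_ip, src_port, dst_ip, dst_port)


@dataclass(frozen=True)
class Static:
    global_ip: str
    global_port: int
    local_ip: Optional[str] = None      # plain form
    local_port: Optional[int] = None
    acl: Optional[AclEntry] = None      # policy form


def parse_static(line: str, acls: Dict[str, AclEntry]) -> Static:
    """Parse the two `static (in,out) tcp ...` forms used in the thread."""
    t = line.split()
    if t[:1] != ["static"] or t[2] != "tcp":
        raise ValueError("only 'static (in,out) tcp ...' is modelled")
    g_ip, g_port = t[3], int(t[4])
    if t[5] == "access-list":
        return Static(g_ip, g_port, acl=acls[t[6]])
    return Static(g_ip, g_port, local_ip=t[5], local_port=int(t[6]))


def translate(rule: Static, f: Flow, outbound: bool) -> Optional[Flow]:
    """Return the rewritten flow, or None when the static does not apply."""
    if outbound:
        if rule.acl is not None:
            hit = rule.acl.matches(f)          # policy static: ACL on real addresses
        else:
            hit = (f.src_ip, f.src_port) == (rule.local_ip, rule.local_port)
        return replace(f, src_ip=rule.global_ip, src_port=rule.global_port) if hit else None
    # inbound: the packet must be addressed to the global ip/port
    if (f.dst_ip, f.dst_port) != (rule.global_ip, rule.global_port):
        return None
    if rule.acl is not None:
        # policy static: local side is the ACL's source host/port (simplified)
        if rule.acl.src_ip is None or (rule.acl.dst_ip not in (None, f.src_ip)):
            return None
        return replace(f, dst_ip=rule.acl.src_ip, dst_port=rule.acl.src_port or f.dst_port)
    return replace(f, dst_ip=rule.local_ip, dst_port=rule.local_port)


# The thread's two proposals, parsed from the exact lines quoted above.
PLAIN = parse_static("static (in,out) tcp 1.1.1.1 1000 2.2.2.2 25", {})
ACLS = {"PAT": parse_acl("access-list PAT permit tcp host 1.1.1.1 eq 25 any")}
POLICY = parse_static("static (in,out) tcp 2.2.2.2 1000 access-list PAT", ACLS)


def demo() -> Dict[str, Optional[Flow]]:
    """Constructed sample flows run through both rules."""
    return {
        "plain: server sends mail out (ephemeral src, dst 25)":
            translate(PLAIN, Flow("2.2.2.2", 40000, "5.5.5.5", 25), True),
        "plain: packet leaving with src port 25":
            translate(PLAIN, Flow("2.2.2.2", 25, "6.6.6.6", 50000), True),
        "plain: outside MTA delivers to 1.1.1.1:25":
            translate(PLAIN, Flow("6.6.6.6", 50000, "1.1.1.1", 25), False),
        "plain: outside host connects to 1.1.1.1:1000":
            translate(PLAIN, Flow("6.6.6.6", 50000, "1.1.1.1", 1000), False),
        "policy: server sends mail out (ephemeral src, dst 25)":
            translate(POLICY, Flow("1.1.1.1", 40000, "5.5.5.5", 25), True),
        "policy: packet leaving with src port 25":
            translate(POLICY, Flow("1.1.1.1", 25, "5.5.5.5", 50000), True),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Running it shows the point Andrew raised about the first static: the plain form maps 1.1.1.1:1000 to 2.2.2.2:25 in both directions, so a delivery arriving on 1.1.1.1:25 is not covered by that entry. It also shows what the second form keys on: `host 1.1.1.1 eq 25` tests the connection's source port, so a packet leaving with source port 25 is rewritten to 2.2.2.2:1000, while an outbound SMTP connection, which uses an ephemeral source port and destination port 25, is not matched by that access-list. Anyone checking this on a real PIX should confirm with `show xlate` and `show conn` rather than relying on the model.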
