Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
822
Views
0
Helpful
4
Replies

PIX 515e 6.3. Port redirect question

Armegeden
Level 1
Level 1

‎09-08-2008 07:50 PM - edited ‎03-11-2019 06:41 AM

This is what I currently have:

access-list incoming permit tcp any host 2.3.245.131 eq www

access-list incoming permit tcp any host 2.3.245.131 eq https

ip address outside 2.3.245.134 255.255.255.192

static (inside,outside) 2.3.245.131 192.168.1.10 netmask 255.255.255.255 0 0

But I want to redirect SMTP traffic to 192.168.1.6. I know the syntax for:

static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255

static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255

But if I were to use:

static (inside,outside) tcp interface smtp 192.168.1.6 smtp netmask 255.255.255.255

Wouldn't that be a problem? One that "interface" is referring to "2.3.245.134", NOT the .131 address I need the traffic to go to.

So how do I do this? How do I redirect SMTP traffic from an IP address that lies behind the "outside" interface to one LAN address, while redirecting HTTPS and WWW traffic to another LAN address?

Any help would be greatly appreciated!

Labels:
0 Helpful
4 Replies 4

satish_zanjurne
Level 4
Level 4

‎09-08-2008 10:26 PM

Hi,

1.PAT address can be a virtual address , different from outside address.

2.It should be reachable from internet/outside.

3.If you want use"interface" keyword in your static statements, you need to modify your incoming access-list to permit to 2.3.245.134 instead of 2.3.245.131

4.And the way you have redircted WWW & HTTPS traffic, you can redirect SMTP also same way..

HTH...rate if helpful..

0 Helpful

Armegeden
Level 1
Level 1
In response to satish_zanjurne

‎09-09-2008 03:14 AM

Hmm,

I do not think I am understanding.

2.3.245.131 is an IP address within our block. 2.3.245.134 happens to be the address we gave to the PIX. x.131 is the address we're using for Mail.

I need to keep x.134 the outside address, but I need to route traffic SMTP destined for x.131 to a different LAN address than WWW/HTTPS. But both SMTP+WWW/HTTPS will be going toward WAN address x.131.

Does this make sense?

I believe I have the access-list statements correct. It's the static mapping I'm having trouble with.

Basically I need this to happen:

static (inside,outside) tcp 2.3.245.131 www 192.168.1.10 www netmask 255.255.255.255

static (inside,outside) tcp 2.3.245.131 https 192.168.1.10 https netmask 255.255.255.255

static (inside,outside) tcp 2.3.245.131 smtp 192.168.1.6 smtp netmask 255.255.255.255

But I keep getting an error...

0 Helpful

satish_zanjurne
Level 4
Level 4
In response to Armegeden

‎09-09-2008 05:52 AM

1.If you are using 2.3.245.131 as outside address for static, then access-list is correct

2.If you are using 2.3.245.1354 which is outside interface address, as you have mentioned, then access-list should contain 2.3.245.134

3.Your configuration is correct

4.What is the error you are getting ??

Also refer below mentioned document..

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml#t10

HTH...arte if helpful..

0 Helpful

lreger
Level 1
Level 1
In response to Armegeden

‎09-09-2008 09:19 PM

Try this

static (inside,outside) tcp 2.3.245.131 www 192.168.1.10 www netmask 255.255.255.255 0 0

static (inside,outside) tcp 2.3.245.131 https 192.168.1.10 https netmask 255.255.255.255 0 0

static (inside,outside) tcp 2.3.245.131 smtp 192.168.1.6 smtp netmask 255.255.255.255 0 0

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card