10-01-2008 09:29 AM - edited 03-11-2019 06:51 AM
I'm having some trouble with port forwarding on a 515E pix.
I have the following commands in the config
static (inside,outside) tcp 11.11.11.11 smtp 10.0.0.55 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.11.11 www 11.11.11.11 www netmask 255.255.255.255 0 0
The goal is to have smtp traffic go to 10.0.0.55 and http traffic go to 11.11.11.11 (a public IP). The problem is that none of the traffic is being port forwarded; it is going to the 11.11.11.11 address.
Any help is appreciated.
Dan Cox
10-01-2008 10:39 AM
First of all,
you did not mention if you have an access list defined on the outside interface to allow this traffic.
You need to have the following config. along with your existing config. for this to work :
access-l 101 permit tcp any host 11.11.11.11 eq smtp
access-l 101 permit tcp any host 11.11.11.11 eq www
access-group 101 in interface outside
##############
Also :
Is 11.11.11.11 the outside interface IP address?
If that is true :
Use :
static (inside,outside) tcp interface smtp 10.0.0.55 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 11.11.11.11 www netmask 255.255.255.255 0 0
access-l 101 permit tcp any interface outside eq smtp
access-l 101 permit tcp any interface outside eq www
access-group 101 in interface outside
Do rate helpful posts.
Regards,
Sushil
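An added example, not part of the thread or of any poster's message: a Python check that cross-references each static PAT entry against the ACL bound inbound on the mapped interface, the pairing the reply above calls for. The sample config is constructed from the thread's placeholder addresses; `audit` and its regexes are hypothetical helpers that cover only the `any host X eq P` and `any interface IF eq P` permit forms and compare port names exactly as written.

```python
import re

# Constructed sample built from the thread's placeholder addresses.
SAMPLE = """\
static (inside,outside) tcp 11.11.11.11 smtp 10.0.0.55 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.11.11 www 11.11.11.11 www netmask 255.255.255.255 0 0
access-list 101 permit tcp any host 11.11.11.11 eq smtp
access-group 101 in interface outside
"""

# static (real_if,mapped_if) proto global_ip global_port local_ip local_port ...
STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
# Accepts the abbreviated "access-l" form used in the thread as well.
PERMIT = re.compile(
    r"^access-l\S* (\S+) permit (tcp|udp) any (?:host (\S+)|interface (\w+)) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")

def audit(config):
    """Return findings for static PAT entries lacking a matching inbound permit."""
    statics, permits, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := PERMIT.match(line):
            acl, proto, host, _ifc, port = m.groups()
            # "interface <name>" destinations pair with "static ... interface" entries.
            permits.append((acl, proto, host or "interface", port))
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)  # interface name -> ACL id
    findings = []
    for _real_if, mapped_if, proto, gip, gport, lip, lport in statics:
        acl = bound.get(mapped_if)
        if acl is None:
            findings.append(f"{gip}:{gport}/{proto}: no ACL bound inbound on {mapped_if}")
            continue
        if (acl, proto, gip, gport) not in permits:
            findings.append(f"{gip}:{gport}/{proto} forwarded but not permitted by ACL {acl}")
        if gip == lip and gport == lport:
            findings.append(f"{gip}:{gport}/{proto} is translated to itself")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding is a prompt to review that entry, not a diagnosis of the behaviour described in the thread.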
10-02-2008 12:21 PM
Sushil,
Thanks for the reply.
I do have an access list in place allowing the traffic and we have multiple "outside" IPs. I think the issue is with my nat/pat setup.
I should have mentioned that 1.1.1.34 is the server's address on the inside network (we don't nat everything). I originally wanted to forward all smtp traffic to 10.0.0.55, but let http traffic continue on to 1.1.1.34 (no nat). When I do show xlate | include 1.1.1.34 I get
Global 1.1.1.34 Local 1.1.1.34
When I clear xlate I get the same thing.
I'm expecting to see
Global 1.1.1.34(25) Local 10.0.0.55(25)
Global 1.1.1.34(80) Local 1.1.1.34(80)
And if I clear xlate enough I sometimes see this, but then it stops and goes back to Global 1.1.1.34 Local 1.1.1.34.
For testing purposes I changed static to
static (inside,outside) tcp 1.1.1.34 smtp 10.0.0.55 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 1.1.1.34 www 10.0.0.34 www netmask 255.255.255.255 0 0
But I still get Global 1.1.1.34 Local 1.1.1.34
I don't have 1.1.1.34 in global or nat so I'm not sure why it's being globally translated to itself.
Thanks for the help.
Dan
10-02-2008 12:24 PM
Please post,
sh run nat
sh run glo
sh run nat-control
sh run stat
If you are running 6.x-->
sh nat
sh glo
sh static
Regards,
Sushil