Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
1
Replies

Allowing a connection from outside

dave.cook
Level 1
Level 1

‎04-03-2003 08:30 AM - edited ‎03-09-2019 02:45 AM

I have a PIX 506e firewall. I have one public IP which is assigned to the outside interface.

I have already allowed smtp traffic from the outside to my mail server in the LAN. To do this I created a static NAT translation and the appropiate access list and access group statement. This is all working fine.

Now I want to be able to allow my external users access to my IIS server that host Outlook Web Acess. This is on the same mail server. The iis server is waiting on port 2001, so i have done the following

created another static nat for the web services on port 2001 to the mail server and added to the existing access list statement to allow traffic on port 2001 to go to the mail server running iis.

I also added a fixup statement for http for port 2001. I wasnt sure if i needed that?

The problem is that smtp still comes in fine but the OWA access wont.

Do I need another public IP for this service to work??

TIA

Dave

Labels:
0 Helpful
1 Reply 1

syghafoor
Level 1
Level 1

‎04-03-2003 09:05 AM

Pix doesn't map the ports, it can only redirect it, so the following command won't work.

static (inside, outside) tcp interface 80 10.1.1.15 2001

other then that it should work the way you have configured unless there is a software bug. I suggest that you open up a case with cisco TAC.

I hope this helps.

Thanks,

Syed

0 Helpful
Customers Also Viewed These Support Documents