04-05-2006 11:54 AM - edited 03-09-2019 02:31 PM
I have a PIX 515E behind my router (2600). I am trying to setup the PIX to forward SMTP to one server (192.168.1.4)and HTTPS to another server (192.168.1.11) using the same external IP address (192.168.100.10)
when I enter the information below on the pix, I can ONLY send email to my SMTP server, when I try to HTTPS my .11 server, it does not work and the SMTP server stops receiving email.
no static (inside,outside) 192.168.100.10 192.168.1.4 netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.100.10 smtp 192.168.1.4 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.100.10 https 192.168.1.11 https netmask 255.255.255.255 0 0
clear xlate
More information:
the 192.168.100.10 is not my outside interface.
ACL
access-list ingress permit tcp any host 192.168.100.10 eq https
access-list ingress permit tcp any host 192.168.100.10 eq smtp
Once I undo the changes above, my email server starts working again.
What can I be missing?
04-05-2006 03:08 PM
Config is ok. Do you see a message in the logg ?
How looks the NAT setup in the Router ?
sincerely
Patrick
04-06-2006 01:23 PM
Thank you for your reply,
Here is the NAT on my router:
ip nat inside source static 192.168.100.10 XX.XX.XX.190 extendable
*The two servers SMTP and HTTPS*
ip nat inside source static 192.168.100.2 XX.XX.XX.193 extendable
** Firewall interface **
ip nat inside source static 192.168.100.14 XX.XX.XX.194 extendable
** Internal Web server ***
please let me know if you need more information,
THanks once more,
VC
04-06-2006 10:45 PM
It looks you have on router one static nat for both SMTP and HTTPs
on router try this
no ip nat inside source static 192.168.100.10 XX.XX.XX.190 extendable
and replace with
ip nat iside source static tcp 192.168.100.10 443 XX.XX.XX.190 443 extendable
ip nat iside source static tcp 192.168.100.10 25 XX.XX.XX.190 25 extendable
Check also outside access list of router if SMTP and https communication is permitted to 192.168.100.10
M.
Hope that helps, rate if it does
04-07-2006 01:07 PM
I tried and it did not work. is there a clear command I should enter in the router after changing the NATs?
I have the changes on the router and I will leave this way.
Should I make the changes and restart the devices?
Thanks,
VC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide