
Port Forwarding problem

volneicaetano
Level 1

I have a PIX 515E behind my router (2600). I am trying to set up the PIX to forward SMTP to one server (192.168.1.4) and HTTPS to another server (192.168.1.11) using the same external IP address (192.168.100.10).

When I enter the information below on the PIX, I can ONLY send email to my SMTP server. When I try to HTTPS my .11 server, it does not work and the SMTP server stops receiving email.

no static (inside,outside) 192.168.100.10 192.168.1.4 netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.100.10 smtp 192.168.1.4 smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.100.10 https 192.168.1.11 https netmask 255.255.255.255 0 0

clear xlate

More information:

The 192.168.100.10 is not my outside interface.

ACL

access-list ingress permit tcp any host 192.168.100.10 eq https

access-list ingress permit tcp any host 192.168.100.10 eq smtp

Once I undo the changes above, my email server starts working again.

What can I be missing?


Patrick Iseli
Level 7

Config is OK. Do you see a message in the log?

How does the NAT setup in the router look?

Sincerely,

Patrick

volneicaetano
Level 1

Thank you for your reply,

Here is the NAT on my router:

ip nat inside source static 192.168.100.10 XX.XX.XX.190 extendable

** The two servers SMTP and HTTPS **

ip nat inside source static 192.168.100.2 XX.XX.XX.193 extendable

** Firewall interface **

ip nat inside source static 192.168.100.14 XX.XX.XX.194 extendable

** Internal Web server **

Please let me know if you need more information.

Thanks once more,

VC

It looks like you have one static NAT on the router for both SMTP and HTTPS.

On the router, try this:

no ip nat inside source static 192.168.100.10 XX.XX.XX.190 extendable

and replace it with

ip nat inside source static tcp 192.168.100.10 443 XX.XX.XX.190 443 extendable

ip nat inside source static tcp 192.168.100.10 25 XX.XX.XX.190 25 extendable

Also check the router's outside access list to see whether SMTP and HTTPS communication is permitted to 192.168.100.10.

M.

Hope that helps, rate if it does

I tried and it did not work. Is there a clear command I should enter in the router after changing the NATs?

I have the changes on the router and I will leave it this way.

Should I make the changes and restart the devices?

Thanks,

VC
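
An added example, not part of the thread: a small offline lint for PIX `static` and `access-list` lines of the forms posted in the question. It flags a one-to-one static that overlaps a port static on the same address, one port forwarded to two inside hosts, and a forward with no matching ACL permit. The names `lint`, `port`, `PIX_CONFIG` and `OLD_STATIC` are assumptions made for this example, and only the line formats shown above are parsed.

```python
import re

# Constructed sample: the PIX static and ACL lines as posted in the question.
PIX_CONFIG = """\
static (inside,outside) tcp 192.168.100.10 smtp 192.168.1.4 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.100.10 https 192.168.1.11 https netmask 255.255.255.255 0 0
access-list ingress permit tcp any host 192.168.100.10 eq https
access-list ingress permit tcp any host 192.168.100.10 eq smtp
"""
# The one-to-one static that the question removes with "no static ...".
OLD_STATIC = "static (inside,outside) 192.168.100.10 192.168.1.4 netmask 255.255.255.255 0 0\n"

PORT_STATIC = re.compile(r"static \(\S+\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask")
HOST_STATIC = re.compile(r"static \(\S+\) (\d\S*) (\d\S*) netmask")
ACL_PERMIT = re.compile(r"access-list \S+ permit (tcp|udp) any host (\S+) eq (\S+)")
PORT_NAMES = {"25": "smtp", "443": "https"}  # only the two services in the thread

def port(p):
    """Normalise a port so that '443' and 'https' compare equal."""
    return PORT_NAMES.get(p, p)

def lint(config):
    """Return findings for static/ACL lines of the forms shown in the thread."""
    forwards, host_nat, permits = [], set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := PORT_STATIC.match(line):
            proto, gip, gport, lip, lport = m.groups()
            forwards.append((proto, gip, port(gport), lip, port(lport)))
        elif m := HOST_STATIC.match(line):
            host_nat.add(m.group(1))          # global address mapped one-to-one
        elif m := ACL_PERMIT.match(line):
            permits.add((m.group(1), m.group(2), port(m.group(3))))
    findings, seen = [], {}
    for proto, gip, gport, lip, lport in forwards:
        key = (proto, gip, gport)
        if gip in host_nat:
            findings.append(f"{gip}: one-to-one static overlaps port static {proto}/{gport}")
        if seen.setdefault(key, (lip, lport)) != (lip, lport):
            findings.append(f"{gip} {proto}/{gport}: forwarded to two inside hosts")
        if key not in permits:
            findings.append(f"{gip} {proto}/{gport}: no ACL permit for this forward")
    return findings

if __name__ == "__main__":
    for finding in lint(OLD_STATIC + PIX_CONFIG) or ["no findings"]:
        print(finding)
```

The lint reports nothing for the lines as posted; findings appear only when the old one-to-one static is still present or an ACL entry is missing.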