06-09-2005 03:38 AM - edited 03-09-2019 11:31 AM
I am deploying an SMTP scanning appliance between our PIX and the current SMTP gateway. I have a static translation rule at the very top of the PDM list. When I try to delete the current rule I get an error: "PDM has found that this operation will result in some security rules getting nullified. Please review your translation / security rules, before retrying this operation." Any hints on how I should proceed?
06-09-2005 11:10 AM
Hi there,
You have some rules that are linked to the static translation, so you can't delete the translation. Look at your access list rules and delete any specific rules dealing with the hosts in the static translation. Also check any object-groups you have set up that might contain the hosts in the static translation. Remove those hosts from the object groups.
Then delete the static translation and re-add it pointing to your SMTP scanning appliance.
Joe
06-10-2005 04:26 AM
Thanks for the reply. I have service groups for inside to outside and outside to inside for all the hosts I have. If I understand, you mean that I need to remove all instances of SMTP referencing the existing host?
object-group service BorderTCP tcp
 port-object eq smtp
object-group service BorderTCPOUT tcp
 port-object eq smtp
Then the access lists:
access-list outside_access_in permit tcp any host XXX.XXX.XXX.XXX object-group BorderTCP
access-list inside_access_in permit tcp host BorderManager any object-group BorderTCPOUT
Then the static NAT:
static (inside,outside) tcp interface smtp BorderManager smtp dns netmask 255.255.255.255 0 0
So I need to clear all of these, correct?
Thanks again.
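Added example, not part of the original thread: a Python script that applies the advice above by listing, for each static translation in a saved configuration, the access-list lines that reference its hosts directly or through an object-group whose members include them. The sample configuration is constructed; its addresses, the MailHosts group and the function names are assumptions.

```python
import re

# Constructed sample (PIX 6.x syntax); addresses and MailHosts are made up.
SAMPLE_CONFIG = """\
name 10.1.1.5 BorderManager
object-group service BorderTCP tcp
 port-object eq smtp
object-group network MailHosts
 network-object host BorderManager
access-list outside_access_in permit tcp any host 192.0.2.10 object-group BorderTCP
access-list outside_access_in permit tcp any object-group MailHosts eq smtp
access-list inside_access_in permit tcp host BorderManager any object-group BorderTCPOUT
access-list inside_access_in permit tcp host 10.1.1.9 any eq www
static (inside,outside) tcp interface smtp BorderManager smtp dns netmask 255.255.255.255 0 0
"""

STATIC_RE = re.compile(r"^static \(\S+,\S+\) (?:(?:tcp|udp) (?P<m1>\S+) \S+ "
                       r"(?P<r1>\S+) \S+|(?P<m2>\S+) (?P<r2>\S+))")
GROUP_RE = re.compile(r"^object-group \S+ (\S+).*\n((?: .*\n)*)", re.M)

def static_hosts(line, names, interface_ip=None):
    """Tokens (addresses and `name` aliases) that identify a static's hosts."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError("not a static translation: " + line)
    hosts = {m.group("m1") or m.group("m2"), m.group("r1") or m.group("r2")}
    if "interface" in hosts:  # mapped address is the interface's own IP
        hosts = hosts - {"interface"} | ({interface_ip} if interface_ip else set())
    for ip, alias in names.items():  # an alias and its address are one host
        if ip in hosts or alias in hosts:
            hosts |= {ip, alias}
    return hosts

def find_dependents(config, interface_ip=None):
    """Map each static line to the access-list lines that reference its hosts."""
    lines = config.splitlines()
    names = dict(l.split()[1:3] for l in lines if l.startswith("name "))
    report = {}
    for static in (l for l in lines if l.startswith("static ")):
        hosts = static_hosts(static, names, interface_ip)
        groups = {g.group(1) for g in GROUP_RE.finditer(config)
                  if hosts & set(g.group(2).split())}  # groups containing a host
        report[static] = [l for l in lines if l.startswith("access-list ")
                          and (hosts | groups) & set(l.split())]
    return report

if __name__ == "__main__":
    for s, acls in find_dependents(SAMPLE_CONFIG, "192.0.2.10").items():
        print(s, *acls, sep="\n  referenced by: ")
```

Because the static uses `interface` as its mapped address, the outside interface address has to be passed in for rules written against that address to be matched.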