
Redirection

rmwhite59
Level 1

I have a new PIX 501 setup and need to redirect DNS, SMTP, POP3, HTTP, and FTP traffic from 24.xxx.xxx.61 to 192.168.1.4. The external gateway is 24.xxx.xxx.61. I have tried several things but can't get it to work. Anyone have any suggestions?

4 Replies

tmoreo
Level 1

Three quick things off the top.

1) Can you post the config?

2) Port mapping is done on the external interface and not the external gateway, so give that a shot.

3) Try the GUI. It is often forgiving and guides you through some configuration.

pwicks
Level 1

****** Application Layer Protection for HTTP, SMTP, POP3, FTP and DNS *******

fixup protocol http 80

fixup protocol ftp strict 21

fixup protocol dns maximum-length 512

fixup protocol smtp 25

******* Access List to Permit Outside Connections to Internal Servers ********

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq www

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq smtp

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq pop3

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq ftp

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq domain

access-list outside-in permit udp any host 24.xxx.xxx.61 eq domain

******* Apply Access List to Outside Interface *******

access-group outside-in in interface outside

******* Translation for External to Internal IP *******

static (inside,outside) 24.xxx.xxx.61 192.168.1.4 netmask 255.255.255.255 0 0

- This is for version 6.3(4) or above.

- Do not include the lines with the *********

- Make sure that you change the 24.xxx.xxx.61 references to the real external IP address

- If your mail server needs ESMTP commands (like Microsoft Exchange), do not use the SMTP fixup

Two more questions

1) Do you want to perform port redirection or a static NAT with filtering?

Your config is for static NAT with filtering.

Port redirection might look more like:

static (inside,outside) tcp interface smtp 192.168.1.4 smtp netmask 255.255.255.255 0 0

No need for the access list.

2) What is the address of your external interface and is this your only ip or do you have multiple?

pwicks
Level 1

You are correct. Since the poster asked for code for redirection, please see below:

****** Translation for Outgoing Traffic *******

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

****** Application Layer Protection for HTTP, SMTP, POP3, FTP and DNS *******

fixup protocol http 80

fixup protocol ftp strict 21

fixup protocol dns maximum-length 512

fixup protocol smtp 25

******* Access List to Permit Outside Connections to Internal Servers ********

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq www

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq smtp

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq pop3

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq ftp

access-list outside-in permit tcp any host 24.xxx.xxx.61 eq domain

access-list outside-in permit udp any host 24.xxx.xxx.61 eq domain

******* Apply Access List to Outside Interface *******

access-group outside-in in interface outside

******* Translation for External to Internal IP Using Port Redirection *******

static (inside,outside) tcp interface www 192.168.1.4 www netmask 255.255.255.255 0 0

static (inside,outside) tcp interface smtp 192.168.1.4 smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp interface pop3 192.168.1.4 pop3 netmask 255.255.255.255 0 0

static (inside,outside) tcp interface ftp 192.168.1.4 ftp netmask 255.255.255.255 0 0

static (inside,outside) tcp interface domain 192.168.1.4 domain netmask 255.255.255.255 0 0

static (inside,outside) udp interface domain 192.168.1.4 domain netmask 255.255.255.255 0 0

- This is for version 6.3(4) or above.

- Do not include the lines with the *********

- Make sure that you change the 24.xxx.xxx.61 references to the real external IP address

- If your mail server needs ESMTP commands (like Microsoft Exchange), do not use the SMTP fixup
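
A consistency check for configs like the ones posted in this thread, added here as an example and not written by any of the posters: it cross-checks `access-list ... permit` lines against port-redirection `static` lines and validates the inside address. It assumes an inbound service needs both a permit and a translation, handles only the `any host <ip> eq <port>` and `static (...) tcp|udp ...` forms shown above, and uses a constructed sample with the documentation address 203.0.113.61 in place of the masked IP.

```python
import ipaddress
import re

# Constructed sample in the thread's PIX 6.3 syntax; 203.0.113.61 is a
# documentation address standing in for the masked 24.xxx.xxx.61.
SAMPLE = """\
access-list outside-in permit tcp any host 203.0.113.61 eq www
access-list outside-in permit tcp any host 203.0.113.61 eq smtp
access-list outside-in permit tcp any host 203.0.113.61 eq ftp
access-list outside-in permit udp any host 203.0.113.61 eq domain
static (inside,outside) tcp interface www 192.168.1.4 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 1192.168.1.4 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.1.4 pop3 netmask 255.255.255.255 0 0
"""

# Only the two statement shapes used in the thread are recognised.
ACL_RE = re.compile(r"^access-list\s+\S+\s+permit\s+(tcp|udp)\s+any\s+host\s+\S+\s+eq\s+(\S+)")
STATIC_RE = re.compile(r"^static\s+\(\w+,\w+\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")


def audit(config):
    """Return sorted findings about permit/redirect mismatches in a PIX config."""
    permits, statics, findings = set(), set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            permits.add((m.group(1), m.group(2)))
        elif m := STATIC_RE.match(line):
            proto, _outside, port, inside_ip, _inside_port = m.groups()
            statics.add((proto, port))
            try:
                ipaddress.IPv4Address(inside_ip)  # catches typos such as 1192.168.1.4
            except ValueError:
                findings.append(f"bad inside address {inside_ip} in {proto}/{port} static")
    # A permit with no translation exposes nothing; a translation with no
    # permit is a redirect that inbound traffic cannot reach.
    for proto, port in permits - statics:
        findings.append(f"{proto}/{port} permitted but not redirected")
    for proto, port in statics - permits:
        findings.append(f"{proto}/{port} redirected but not permitted")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```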