port forwarding pix
03-05-2007 02:43 AM
Hello,
I have a problem forwarding port 25 from my outside interface to port 25 on my DMZ interface.
Here is my configuration:
PIX Version 6.2(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security10
enable password xxx
hostname pix-rgi
access-list acl-outside permit tcp any host 12.34.56.78 eq smtp
access-list acl-outside permit tcp host 82.67.xx.xx host 12.34.56.78 eq 65437
access-list acl-outside permit tcp host 82.67.xx.xx host 12.34.56.78 eq 65439
access-list acl-outside permit tcp any host 12.34.56.78 eq www
access-list acl-outside permit tcp any host 12.34.56.78 eq https
access-list acl-outside permit tcp any host 12.34.56.78 eq 65435
access-list acl-outside permit ip host 82.67.xx.xx any
access-list acl-dmz permit tcp host 192.168.30.25 host 192.168.10.54
access-list acl-dmz permit tcp host 192.168.30.252 host 192.168.10.52 eq domain
access-list acl-dmz permit tcp host 192.168.30.252 host 192.168.2.10 eq domain
access-list acl-dmz permit ip host 192.168.30.25 host 192.168.10.52
access-list acl-dmz permit tcp host 192.168.30.252 any
access-list acl-dmz deny tcp 192.168.30.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list acl-dmz permit ip 192.168.30.0 255.255.255.0 any
access-list cap permit tcp any host 12.34.56.78 eq smtp
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
ip address outside 12.34.56.78 255.255.255.252
ip address inside 192.168.10.253 255.255.255.0
ip address DMZ 192.168.30.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface DMZ
ip audit name information_outside info action alarm
ip audit name attaque_outside attack action alarm drop reset
ip audit interface outside information_outside
ip audit interface outside attaque_outside
ip audit info action alarm
ip audit attack action alarm
ip local pool seb 192.168.200.10-192.168.200.12
global (outside) 1 12.34.56.73-12.34.56.74 netmask 255.255.255.0
global (outside) 1 12.34.56.75
nat (inside) 1 192.168.2.10 255.255.255.255 0 0
nat (inside) 1 192.168.3.32 255.255.255.255 0 0
nat (inside) 1 192.168.3.210 255.255.255.255 0 0
nat (inside) 1 192.168.10.0 255.255.255.0 0 0
nat (inside) 1 Administratif 255.255.255.0 0 0
nat (DMZ) 1 192.168.30.25 255.255.255.255 0 0
nat (DMZ) 1 192.168.30.252 255.255.255.255 0 0
static (inside,outside) tcp interface 65435 192.168.10.250 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 65439 192.168.10.54 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.10.250 www netmask 255.255.255.255 0 0
static (DMZ,outside) tcp 12.34.56.78 smtp 192.168.30.25 smtp netmask 255.255.255.255 0 0
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0
access-group acl-outside in interface outside
access-group acl-dmz in interface DMZ
route outside 0.0.0.0 0.0.0.0 12.34.56.78 1
route inside 192.168.2.0 255.255.255.0 192.168.10.1 1
route inside 192.168.3.0 255.255.255.0 192.168.10.1 1
route inside 192.168.4.0 255.255.255.0 192.168.10.1 1
route inside 192.168.5.0 255.255.255.0 192.168.10.1 1
route inside 192.168.6.0 255.255.255.0 192.168.10.1 1
route inside 192.168.7.0 255.255.255.0 192.168.10.1 1
route inside 192.168.8.0 255.255.255.0 192.168.10.1 1
route inside Administratif 255.255.255.0 192.168.10.1 1
route inside 192.168.12.0 255.255.255.0 192.168.10.1 1
route DMZ 192.168.30.2 255.255.255.255 192.168.30.1 1
I can't find what's wrong with the access-list / static / nat rules.
Please help
Thank You
ASCLAR Sebastien
03-05-2007 02:52 AM
Hi,
Try this:
no static (DMZ,outside) tcp 12.34.56.78 smtp 192.168.30.25 smtp netmask 255.255.255.255
static (DMZ,outside) tcp interface smtp 192.168.30.25 smtp netmask 255.255.255.255
*Please rate if helped.
-Kanishka
03-05-2007 03:21 AM
Thank you for the reply,
Unfortunately it does not help.

03-05-2007 06:05 AM
Hi,
Please also add the following commands:
access-list acl-outside permit tcp any interface outside
access-list acl-dmz line 1 permit ip host 192.18.30.25 any
HTH,
*Please rate if helps,
Regards,
Kamal

03-05-2007 06:05 AM
Small correction:
The first command should be:
access-list acl-outside permit tcp any interface outside eq 25
Regards,
Kamal
03-05-2007 06:17 AM
I added the 2 lines but it still does not work.
Thank you for the help.
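
A consistency check for the static / access-list pairing discussed in this thread, as an added example that is not part of any post: it pairs each TCP port-forward `static` with the permits of the ACL bound inbound on its mapped interface, treating `interface` as that interface's address and `smtp` as 25. The names `audit`, `port`, `PORTS` and `STATIC` are hypothetical, and only permits ending in `eq <port>` with a `host` or `interface` destination are considered.

```python
import re

PORTS = {"smtp": 25, "www": 80, "https": 443, "ssh": 22, "domain": 53}
STATIC = re.compile(r"static \((\S+),(\S+)\) tcp (\S+) (\S+) ")

# Lines copied from the configuration posted above (TCP permits with "eq" only).
SAMPLE = """\
access-list acl-outside permit tcp any host 12.34.56.78 eq smtp
access-list acl-outside permit tcp host 82.67.xx.xx host 12.34.56.78 eq 65437
access-list acl-outside permit tcp host 82.67.xx.xx host 12.34.56.78 eq 65439
access-list acl-outside permit tcp any host 12.34.56.78 eq www
access-list acl-outside permit tcp any host 12.34.56.78 eq https
access-list acl-outside permit tcp any host 12.34.56.78 eq 65435
ip address outside 12.34.56.78 255.255.255.252
static (inside,outside) tcp interface 65435 192.168.10.250 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 65439 192.168.10.54 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.10.250 www netmask 255.255.255.255 0 0
static (DMZ,outside) tcp 12.34.56.78 smtp 192.168.30.25 smtp netmask 255.255.255.255 0 0
access-group acl-outside in interface outside
"""

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def audit(config):
    """Return (forwards with no permit, permits with no forward) as (acl, ip, port)."""
    if_ip, bound, permits, statics = {}, {}, [], []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["ip", "address"] and len(t) >= 4:
            if_ip[t[2]] = t[3]
        elif len(t) == 5 and t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            bound[t[4]] = t[1]
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "tcp"] and t[-2:-1] == ["eq"]:
            permits.append((t[1], t[-4], t[-3], port(t[-1])))
        elif STATIC.match(line):
            statics.append(STATIC.match(line).groups())
    # On PIX 6.x the ACL names the mapped (outside) address; "interface" means that interface's IP.
    allowed = set()
    for acl, kind, val, p in permits:
        ip = val if kind == "host" else if_ip.get(val) if kind == "interface" else None
        if ip:
            allowed.add((acl, ip, p))
    forwarded = {(bound.get(m_if), if_ip.get(m_if) if m_ip == "interface" else m_ip, port(m_port))
                 for _real_if, m_if, m_ip, m_port in statics}
    return sorted(forwarded - allowed, key=repr), sorted(allowed - forwarded)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the posted lines this reports no forward lacking a permit, and two permits (https and 65437) that no `static` uses.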
