using non standard tcp port on PIX

Unanswered Question
Mar 21st, 2007

I'm trying to find out how to set up using non-standard TCP ports on PIX. For example, I'd like to set up SMTP and POP3 access for users who are coming from outside. Instead of using ports 25 and 110, I'd like to use non-standard ports for security purposes. While I was doing research, I found I can use PAM. Is this a possible option on PIX? I can't seem to run any of the commands.

I have 515E with 7.0(1).

Thanks.

Pete

vitripat Wed, 03/21/2007 - 12:22

Yes, this is very much possible on PIX.

Let's assume that your internal mail server is 10.10.10.10 and the public IP for this mail server is 2.2.2.2. Now, you want to use 2525 for SMTP and 1100 for POP3. For this, you can use the following commands:

static (inside,outside) tcp 2.2.2.2 2525 10.10.10.10 2525
static (inside,outside) tcp 2.2.2.2 1100 10.10.10.10 1100
access-list outside_in permit tcp any host 2.2.2.2 eq 2525
access-list outside_in permit tcp any host 2.2.2.2 eq 1100
access-group outside_in in interface outside
clear xlate

I have assumed that "outside_in" is the access-group applied on the outside interface of PIX.

If you don't have a separate public IP address for the mail server and want to share the outside interface IP of the PIX, the commands would change slightly:

static (inside,outside) tcp interface 2525 10.10.10.10 2525
static (inside,outside) tcp interface 1100 10.10.10.10 1100
access-list outside_in permit tcp any interface outside eq 2525
access-list outside_in permit tcp any interface outside eq 1100
access-group outside_in in interface outside
clear xlate

Hope that helps.

Regards,

Vibhor.
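The following is an added Python model of what the two configurations in the answer above do to an inbound connection; it is example code written for this page, not PIX software and not the answerer's configuration. It reproduces the two checks a PIX 7.0 applies to an outside-to-inside TCP SYN (the outside_in access list, which on 7.x is matched against the global/mapped address, and the static PAT entry for that same address and port) and adds an audit that catches the usual half-done cases: a static with no permit, a permit with no static, or port 25/110 still exposed. Addresses and ports are the ones from the thread; 3.3.3.3 is a constructed value standing in for the PIX outside interface address that the interface keyword refers to.

```python
"""Model of the inbound path set up by 'static' + 'access-list outside_in'
on a PIX 7.0. Added example, not PIX code. Thread values: mail server
10.10.10.10, public IP 2.2.2.2, ports 2525 (SMTP) and 1100 (POP3).
3.3.3.3 is a constructed outside-interface address."""
from dataclasses import dataclass
from typing import List

OUTSIDE_IF_IP = "3.3.3.3"  # constructed; what the 'interface' keyword resolves to


@dataclass(frozen=True)
class Static:
    """static (inside,outside) tcp <global> <gport> <local> <lport>"""
    global_ip: str   # a public address, or the literal 'interface'
    global_port: int
    local_ip: str
    local_port: int


@dataclass(frozen=True)
class Permit:
    """access-list outside_in permit tcp any host <dst> eq <port>
    ('interface outside' in place of 'host <dst>' is written as 'interface')"""
    dst_ip: str
    dst_port: int


def resolve(ip: str) -> str:
    """Map the 'interface' keyword to the outside address; others pass through."""
    return OUTSIDE_IF_IP if ip == "interface" else ip


# First configuration in the answer: dedicated public IP 2.2.2.2.
STATICS_DEDICATED = [
    Static("2.2.2.2", 2525, "10.10.10.10", 2525),
    Static("2.2.2.2", 1100, "10.10.10.10", 1100),
]
ACL_DEDICATED = [Permit("2.2.2.2", 2525), Permit("2.2.2.2", 1100)]

# Second configuration: the mail server shares the PIX outside address.
STATICS_SHARED = [
    Static("interface", 2525, "10.10.10.10", 2525),
    Static("interface", 1100, "10.10.10.10", 1100),
]
ACL_SHARED = [Permit("interface", 2525), Permit("interface", 1100)]


def inbound(statics: List[Static], acl: List[Permit],
            dst_ip: str, dst_port: int) -> str:
    """Decide the fate of an outside->inside TCP SYN to dst_ip:dst_port.

    On PIX 7.x the inbound ACL is evaluated against the global (mapped)
    address, and a static must exist for that same global address/port.
    Both must pass before anything reaches 10.10.10.10.
    """
    permitted = any(
        (resolve(p.dst_ip), p.dst_port) == (dst_ip, dst_port) for p in acl)
    if not permitted:
        return "denied by outside_in"
    for s in statics:
        if (resolve(s.global_ip), s.global_port) == (dst_ip, dst_port):
            return f"translated to {s.local_ip}:{s.local_port}"
    return "permitted but no translation (dropped)"


def audit(statics: List[Static], acl: List[Permit]) -> List[str]:
    """Flag half-configured services and any well-known mail port left open."""
    findings = []
    acl_keys = {(resolve(p.dst_ip), p.dst_port) for p in acl}
    static_keys = {(resolve(s.global_ip), s.global_port) for s in statics}
    for ip, port in sorted(static_keys - acl_keys):
        findings.append(f"static {ip}:{port} has no matching permit")
    for ip, port in sorted(acl_keys - static_keys):
        findings.append(f"permit {ip}:{port} has no matching static")
    for ip, port in sorted(static_keys & acl_keys):
        if port in (25, 110):
            findings.append(f"standard mail port still exposed at {ip}:{port}")
    return findings


if __name__ == "__main__":
    for label, st, acl in (("dedicated IP", STATICS_DEDICATED, ACL_DEDICATED),
                           ("shared interface IP", STATICS_SHARED, ACL_SHARED)):
        target = resolve(st[0].global_ip)
        print(f"[{label}]")
        for port in (2525, 1100, 25, 110):
            print(f"  SYN to {target}:{port} -> {inbound(st, acl, target, port)}")
        print("  audit:", audit(st, acl) or "clean")
```

Running it shows 2525 and 1100 forwarded to 10.10.10.10 in both variants while 25 and 110 are denied by the access list, which is the whole effect of the change: the same SMTP and POP3 daemons are reachable, only on a different port number, so the mail server's own authentication and TLS settings still decide who can actually use them.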
