Port redirection on PIX525 with multiple public IP addresses

Unanswered Question
Nov 5th, 2007

Hi,

We have a bunch of public IP addresses, on our PIX 525, which we have statically mapped to internal hosts (one by one) using the following command:

static (inside,outside) 210.XXX.XXX.XXX 10.2.10.10 netmask 255.255.255.255 0 0

We then use rules in an ACL to permit for example pop3 traffic from the Internet to access the public IP as follows:

access-list PUBLICIN permit tcp any host 210.XXX.XXX.XXX eq pop3

This works fine, and allows only the open ports to access that public IP address, and therefore only that port can access the Internal host.

We have taken away one of the entries and replaced it with the following:

static (inside,outside) tcp 210.XXX.XXX.XXX 65284 10.2.10.10 smtp 0 0

static (inside,outside) tcp 210.XXX.XXX.XXX imap4 10.2.10.10 imap4 0 0

static (inside,outside) tcp 210.XXX.XXX.XXX pop3 10.2.10.10 pop3 0 0

We also added an entry in the ACL to permit port 65284 to 210.XXX.XXX.XXX.

The pop3 and imap ports work fine, but if you telnet to the public IP on the port 65284, it won't go through.

We are doing this for security reasons I guess (to avoid publishing port 25 straight to the Internet). This server does not receive incoming email so having the port like this does not make problems for mail, it is mostly for remote users sending mail through our server.

Any ideas why this might not be working?

Thanks!
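As an added example (not from the post or from Cisco), a small Python audit that parses the `static` and `access-list` lines quoted above, resolves PIX service keywords such as pop3 and imap4 to port numbers, and reports whether each per-port static has a matching inbound permit. The config, the service table and the 203.0.113.10 address are constructed stand-ins for the poster's 210.XXX.XXX.XXX; a clean result means the ACL is not the gap and the xlate/conn tables are the next thing to look at.

```python
import re

# Constructed table: PIX accepts these service keywords in place of TCP port numbers.
SERVICE_PORTS = {"smtp": 25, "pop3": 110, "imap4": 143, "telnet": 23, "www": 80}

def port_number(token):
    """Resolve a numeric port or a PIX service keyword to an integer."""
    return int(token) if token.isdigit() else SERVICE_PORTS[token]

def parse_static(line):
    """Parse a per-port 'static (in,out) tcp GIP GPORT LIP LPORT' line; a one-to-one
    'static (in,out) GIP LIP netmask ...' line yields gport=None."""
    t = line.split()
    if len(t) < 4 or t[0] != "static":
        return None
    if t[2] in ("tcp", "udp") and len(t) >= 7:
        return {"proto": t[2], "gip": t[3], "gport": port_number(t[4]),
                "lip": t[5], "lport": port_number(t[6])}
    return {"proto": None, "gip": t[2], "gport": None, "lip": t[3], "lport": None}

ACL_RE = re.compile(r"^access-list\s+\S+\s+permit\s+(tcp|udp)\s+any\s+host\s+(\S+)\s+eq\s+(\S+)$")
def parse_acl(line):
    """Return (proto, host, port) for an inbound 'permit ... any host X eq P' entry, else None."""
    m = ACL_RE.match(line.strip())
    return (m.group(1), m.group(2), port_number(m.group(3))) if m else None

def audit(config_lines):
    """Map each per-port static to 'permitted' or 'no-acl' depending on whether an
    inbound ACL entry opens the same protocol/global IP/port that the static translates."""
    permitted = {a for a in map(parse_acl, config_lines) if a}
    result = {}
    for s in map(parse_static, config_lines):
        if s and s["gport"] is not None:
            key = (s["proto"], s["gip"], s["gport"])
            result[key] = "permitted" if key in permitted else "no-acl"
    return result

# Constructed config mirroring the post, with a documentation-range address
# standing in for 210.XXX.XXX.XXX; ports are given both by keyword and by number.
SAMPLE = """
static (inside,outside) tcp 203.0.113.10 65284 10.2.10.10 smtp 0 0
static (inside,outside) tcp 203.0.113.10 imap4 10.2.10.10 imap4 0 0
static (inside,outside) tcp 203.0.113.10 pop3 10.2.10.10 pop3 0 0
access-list PUBLICIN permit tcp any host 203.0.113.10 eq pop3
access-list PUBLICIN permit tcp any host 203.0.113.10 eq 143
access-list PUBLICIN permit tcp any host 203.0.113.10 eq 65284
""".strip().splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```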

dhouser Tue, 11/06/2007 - 09:21

Did you do a 'clear arp' & 'clear xlate'? If so, do a 'show xlate' & 'show conn' to look at the translations.
