Port forwarding ASA5510

Unanswered Question
Mar 26th, 2008
User Badges:

Internet users access to smtp server located on DMZ1 on ASA5510 by port 25, so I configured a static and ACL lines:

static (DMZ1,Outside) x.x.x.x y.y.y.y netmask

access-list Outside_In extended permit tcp any host x.x.x.x eq 25

access-group Outside_In in interface Outside

All is working fine, but now I need that for some users access to smtp server through port 26, so I need to configure the line:

access-list Outside_In extended permit tcp any host x.x.x.x eq 26

But, how can I made an internal port forwarding so all connections from port 26 goes to port 25 to smtp server??

Is very urgent for me, can you help me with some ideas.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)

I think you'll need to configure a secondary internal IP on the email server. Then you can configure the firewall to NAT the traffic correctly.

Set internal secondary IP on server to z.z.z.z

Existing port 25:

static (DMZ1,Outside) tcp x.x.x.x 25 y.y.y.y 25

Set port 26 to go to port 25 on new IP:

static (DMZ1,Outside) tcp x.x.x.x 26 z.z.z.z 25

Your access-lists should be fine.

Juan Carlos Ari... Thu, 03/27/2008 - 12:16
User Badges:

Chris, that could be a solution, but I won't configure it cause the customer replace his old security device from a third party for an ASA and the old device could do that, do you know what I mean??

I will look forward to get another solution, but thanks anyway, I will keep in mind your sugestion in case is need it.


Juan Carlos


This Discussion