03-26-2008 11:57 AM
Internet users access an SMTP server located on DMZ1 on an ASA5510 through port 25, so I configured a static and ACL lines:
static (DMZ1,Outside) x.x.x.x y.y.y.y netmask 255.255.255.255
access-list Outside_In extended permit tcp any host x.x.x.x eq 25
access-group Outside_In in interface Outside
All is working fine, but now I need some users to access the SMTP server through port 26, so I need to configure the line:
access-list Outside_In extended permit tcp any host x.x.x.x eq 26
But how can I set up internal port forwarding so that all connections to port 26 go to port 25 on the SMTP server?
This is very urgent for me; can you help me with some ideas?
Regards,
03-26-2008 04:25 PM
I think you'll need to configure a secondary internal IP on the email server. Then you can configure the firewall to NAT the traffic correctly.
Set internal secondary IP on server to z.z.z.z
Existing port 25:
static (DMZ1,Outside) tcp x.x.x.x 25 y.y.y.y 25
Set port 26 to go to port 25 on new IP:
static (DMZ1,Outside) tcp x.x.x.x 26 z.z.z.z 25
Your access-lists should be fine.
03-27-2008 12:16 PM
Chris, that could be a solution, but I won't configure it because the customer replaced his old third-party security device with an ASA, and the old device could do that. Do you know what I mean?
I will look forward to getting another solution, but thanks anyway; I will keep your suggestion in mind in case it is needed.
Regards,
Juan Carlos