Port forwarding ASA5510

Juan Carlos Arias Perez · ‎03-26-2008

Internet users access to smtp server located on DMZ1 on ASA5510 by port 25, so I configured a static and ACL lines:

static (DMZ1,Outside) x.x.x.x y.y.y.y netmask 255.255.255.255

access-list Outside_In extended permit tcp any host x.x.x.x eq 25

access-group Outside_In in interface Outside

All is working fine, but now I need that for some users access to smtp server through port 26, so I need to configure the line:

access-list Outside_In extended permit tcp any host x.x.x.x eq 26

But, how can I made an internal port forwarding so all connections from port 26 goes to port 25 to smtp server??

Is very urgent for me, can you help me with some ideas.

Regards,

cmcbride · ‎03-26-2008

I think you'll need to configure a secondary internal IP on the email server. Then you can configure the firewall to NAT the traffic correctly.

Set internal secondary IP on server to z.z.z.z

Existing port 25:

static (DMZ1,Outside) tcp x.x.x.x 25 y.y.y.y 25

Set port 26 to go to port 25 on new IP:

static (DMZ1,Outside) tcp x.x.x.x 26 z.z.z.z 25

Your access-lists should be fine.

Juan Carlos Arias Perez · ‎03-27-2008

Chris, that could be a solution, but I won't configure it cause the customer replace his old security device from a third party for an ASA and the old device could do that, do you know what I mean??

I will look forward to get another solution, but thanks anyway, I will keep in mind your sugestion in case is need it.

Regards,

Juan Carlos