PIX 515e 6.3. Port redirect question

Unanswered Question
Sep 8th, 2008
User Badges:

This is what I currently have:

access-list incoming permit tcp any host eq www

access-list incoming permit tcp any host eq https

ip address outside

static (inside,outside) netmask 0 0

But I want to redirect SMTP traffic to I know the syntax for:

static (inside,outside) tcp interface www www netmask

static (inside,outside) tcp interface https https netmask

But if I were to use:

static (inside,outside) tcp interface smtp smtp netmask

Wouldn't that be a problem? One that "interface" is referring to "", NOT the .131 address I need the traffic to go to.

So how do I do this? How do I redirect SMTP traffic from an IP address that lies behind the "outside" interface to one LAN address, while redirecting HTTPS and WWW traffic to another LAN address?

Any help would be greatly appreciated!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
satish_zanjurne Mon, 09/08/2008 - 22:26
User Badges:
  • Silver, 250 points or more


1.PAT address can be a virtual address , different from outside address.

2.It should be reachable from internet/outside.

3.If you want use"interface" keyword in your static statements, you need to modify your incoming access-list to permit to instead of

4.And the way you have redircted WWW & HTTPS traffic, you can redirect SMTP also same way..

HTH...rate if helpful..

Armegeden Tue, 09/09/2008 - 03:14
User Badges:


I do not think I am understanding. is an IP address within our block. happens to be the address we gave to the PIX. x.131 is the address we're using for Mail.

I need to keep x.134 the outside address, but I need to route traffic SMTP destined for x.131 to a different LAN address than WWW/HTTPS. But both SMTP+WWW/HTTPS will be going toward WAN address x.131.

Does this make sense?

I believe I have the access-list statements correct. It's the static mapping I'm having trouble with.

Basically I need this to happen:

static (inside,outside) tcp www www netmask

static (inside,outside) tcp https https netmask

static (inside,outside) tcp smtp smtp netmask

But I keep getting an error...

satish_zanjurne Tue, 09/09/2008 - 05:52
User Badges:
  • Silver, 250 points or more

1.If you are using as outside address for static, then access-list is correct

2.If you are using which is outside interface address, as you have mentioned, then access-list should contain

3.Your configuration is correct

4.What is the error you are getting ??

Also refer below mentioned document..


HTH...arte if helpful..


This Discussion