PDM - change IP address of internal mail server

Unanswered Question
Nov 3rd, 2009

PIX Firewall 6.3(1)

PIX Device Manager 3.0(1)

PDM 3.0(1)

I'm trying to do something that should be simple. We are adding an anti-spam device to our network. Currently, the PIX is directing SMTP traffic to our Exchange server ( I'm trying to now direct that SMTP traffic to the anti-spam device (

The PIX has an access rule and a translation rule. I have tried to change the IP address in both rules from to I continue to get a message when trying to change the access rule stating:

No Static Network Address Translation rule is configured for the destination host or network on interface outside. Would you like to add a static NAT rule for the host or network now?

I do so, but when returning to editing the access rule and clicking OK, the same message comes up, as if I have not added the NAT rule.

I have also tried to change the translation rule, but it will not allow the IP address of to be changed. If I try to remove the translation rule, it states the following:

PDM has found that this operation will result in some security rules getting nullified. Please review your transaction/security rules before retrying this operation.

Where am I going wrong? The rules in place function with the existing mail server - just trying to change the internal IP that the mail gets routed to.



Kureli Sankar Tue, 11/24/2009 - 20:13

Unfortunately I do not have PDM running to be able to assist you.  This seems extremely simple to be able to do with PDM.

Would you mind doing it via CLI instead? Log in to the FW either via telnet or ssh and issue

sh run | i static

Copy and paste the line that refers to the and smtp with a "no" in front of it and replace the same line with

The ACL applied on the outside does not need to be changed, as the public IP would still be the same, correct?

Kureli Sankar Tue, 11/24/2009 - 20:19

Upon further research it does look like it is expected behavior with PDM.

PDM will not allow you to create an access rule without a translation rule. And it will display this message when trying to remove a translation rule that is somehow related to the access rule.

Best course of action is what I suggested earlier: to do it via CLI.

How about upgrading the OS so you can use ASDM instead?
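
The CLI change suggested in the replies above, written out as an added example that is not part of the original posts. The addresses and the `pixfirewall` prompt are constructed placeholders, and the existing rule is assumed to be a TCP port redirect for SMTP; lines starting with `!` are annotations, not commands.

```cisco
! Constructed placeholders (documentation ranges), not values from the thread:
!   203.0.113.25  = public address that receives inbound SMTP
!   192.168.1.10  = current Exchange server
!   192.168.1.20  = new anti-spam device
! Assumption: the existing rule is a TCP port redirect. Copy the real line
! from "sh run | i static" and change only the inside address.
pixfirewall# show static
pixfirewall# configure terminal
pixfirewall(config)# no static (inside,outside) tcp 203.0.113.25 smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
pixfirewall(config)# static (inside,outside) tcp 203.0.113.25 smtp 192.168.1.20 smtp netmask 255.255.255.255 0 0
! Flush translation slots built from the old static. This drops the
! connections that use them, so run it in a quiet period.
pixfirewall(config)# clear xlate
pixfirewall(config)# exit
! Confirm that only the new mapping is listed, so inbound SMTP can no longer
! reach the Exchange server without passing through the anti-spam device.
pixfirewall# show static
! The outside ACL entry for SMTP references the public address and stays as
! it is; its hit count should rise as mail arrives.
pixfirewall# show access-list
! Save once inbound mail is confirmed to reach the anti-spam device.
pixfirewall# write memory
```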

