ACE 4710 A3 outbound static NAT with Port redirection

VictorAKur
Level 1

Hi

I have asked this question before, but as I have not got far with it I am going to try to be more specific this time.

I have a server that needs to do an outbound connection to a mail server. The connection has to be initiated to port 26, that then will be NATed to the external IP and port 26 redirected to port 25 for the SMTP connection.

When I try to configure this:

ACE-2/TEST(config-pmap-c)# nat static x.x.x.x netmask 255.255.255.255 tcp eq 23 vlan 99

I get the error: Error: Invalid real port configured for NAT static

Any ideas what it means anyone?

1 Accepted Solution

What you want to do is not possible.

Gilles.

5 Replies

VictorAKur
Level 1

Right. Forget about the previous question. I have an update.

I get this output on show nat policies at the moment:

NAT object ID:39 mapped_if:19 policy_id:50 type:STATIC static_xlate_id:64
    ID:64 Static port translation
    Real addr:172.21.7.11 Real port:26 Real interface:18
    Mapped addr:x.x.x.x Mapped port:25 Mapped interface:19
    Netmask:255.255.255.255

where x.x.x.x is the public, external IP address on the ACE.

I need the traffic FROM the 172.21.7.11 server going anywhere TO port 26 to be remapped to x.x.x.x port 25. At the moment it does not do it. The service policy on the inside doesn't even get a hit when I am telnetting from the 172.21.7.11 server on port 26 to the outside world. It does get hits when I telnet to x.x.x.x external IP address from outside.

Something is telling me I am looking at it from a wrong direction altogether.

This is the config I have at the moment:

access-list 130 line 20 extended permit ip any any
access-list Source_NAT line 10 extended permit tcp host 172.21.7.11 eq 26 any

class-map match-any Class_Port26
  2 match access-list Source_NAT

policy-map multi-match Policy_Port26_Static
  class Class_Port26
    nat static x.x.x.x netmask 255.255.255.255 tcp eq smtp vlan 99

interface vlan 107
  ip address 172.21.7.2 255.255.255.240
  peer ip address 172.21.7.1 255.255.255.240
  access-group input 130
  service-policy input Policy_Port26_Static
  no shutdown

No server farms, no load balancing. Just that.

Any ideas?

What you want to do is not possible.

Gilles.

:) haha Thank you very much.

Could you explain why it is not possible?

As you said, the command you're trying to use works the other way around.

The idea is to associate a server with a global ip so it can be reached directly from external users and if necessary perform destination port translation.

You can't modify the destination port of an unknown ip address (I mean unknown at the time of configuration).

If you know the destination, you could configure a static entry for each one of them.

Gilles.

Thank you again. I will have to settle for a static IP translation without port change. Shame, as it would be a rather neat solution otherwise.
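
A simplified model of the static port translation discussed in this thread, added here as an illustration; it is not code from the thread and not the ACE's implementation. It uses the real and mapped ports from the `show nat policies` output above; 203.0.113.10 stands in for the masked x.x.x.x, 198.51.100.25 is a constructed external mail server, and all class and function names are hypothetical.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class StaticXlate:
    real: tuple     # (addr, port) of the inside server
    mapped: tuple   # (addr, port) presented on the outside

    def outbound(self, p):
        """Inside -> outside: only the SOURCE can match the real addr:port."""
        if (p.src, p.sport) == self.real:
            return replace(p, src=self.mapped[0], sport=self.mapped[1])
        return p  # no match; the remote destination is never rewritten

    def inbound(self, p):
        """Outside -> inside: the DESTINATION matches the mapped addr:port."""
        if (p.dst, p.dport) == self.mapped:
            return replace(p, dst=self.real[0], dport=self.real[1])
        return p

# Constructed addresses (assumptions, see lead-in).
XLATE = StaticXlate(real=("172.21.7.11", 26), mapped=("203.0.113.10", 25))
MAIL = "198.51.100.25"

def client_attempt():
    # The telnet test from the server: ephemeral source port, destination port 26.
    # The source port is not 26, so the static entry does not apply.
    return XLATE.outbound(Packet("172.21.7.11", 49152, MAIL, 26))

def external_connect():
    # An outside host connecting to the mapped address on port 25.
    return XLATE.inbound(Packet(MAIL, 40000, "203.0.113.10", 25))

if __name__ == "__main__":
    print("outbound client:", client_attempt())    # unchanged, still dport 26
    print("inbound to VIP: ", external_connect())  # dst becomes 172.21.7.11:26
```

In this model the outbound packet leaves with destination port 26 untouched, while the inbound connection to the mapped address is redirected to the server's port 26, which is the direction the static entry serves.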
