pixfirewall# sh run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_access_in permit ip any any
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any any eq www
access-list outside_access_in permit tcp any any eq 3389
access-list outside_access_in permit tcp any any eq ftp
access-list outside_access_in permit tcp any any eq imap4
access-list outside_access_in permit tcp any any eq 54321
access-list outside_access_in permit tcp any any eq smtp
access-list outside_access_in deny ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 172.16.0.1 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
pdm location 172.16.0.0 255.255.255.0 inside
pdm location 172.16.0.2 255.255.255.255 inside
pdm location 172.16.0.13 255.255.255.255 inside
pdm location 18.104.22.168 255.255.255.255 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 22.214.171.124 www 172.16.0.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 126.96.36.199 3389 172.16.0.2 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 188.8.131.52 ftp 172.16.0.2 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp 184.108.40.206 imap4 172.16.0.2 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp 220.127.116.11 54321 172.16.0.13 54321 netmask 255.255.255.255 0 0
static (inside,outside) tcp 18.104.22.168 55555 172.16.0.2 55555 netmask 255.255.255.255 0 0
static (inside,outside) tcp 22.214.171.124 smtp 172.16.0.2 smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 172.16.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 172.16.0.10-172.16.0.40 inside
dhcpd dns 126.96.36.199 188.8.131.52
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:cbb655acc6e0376dd5d5c2ca3405428c
: end
As you can see I've done some portforwarding/porttranslation, and made some access-lists that should match those forwardings. Pretty simple..
All the portforwarding I've made is working, I've tested it from an external host - EXCEPT for port 25 aka SMTP - it does NOT work and I can't understand why.
I've tried telnetting to my mail server on port 25 on my LAN on the server's local IP address, and here I get an answer as I should. But if I take an external host and telnet on port 25 to my external IP, I do not get an answer.
I can understand why since the portforwarding for port 25 is made the same way as I did for port 80 - and port 80 is working :/
Is there some special setting for port 25 for this PIX 501?
The funny thing is that even though the telnet on port 25 is not working from an external host to my external IP, that mail server is receiving mails. I didn't think that the mail server would receive mails if I could not telnet it on port 25 from the internet, but it does...
So it's getting more and more strange, I can still telnet my mail server on port 25 on the local IP from a PC on my LAN 172.16.0.0 /16..
I was using CentOS and iptables as router/firewall before I got this PIX, and with that setup I was able to telnet my mailserver on port 25 from the WAN..
So everything is actually working, the mail server is receiving mails, I just find it strange that I cannot telnet the server on port 25 anymore..
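One way to verify that the access-lists really match the port forwards in a configuration like the one posted above, as an added example that is not part of the original post: it parses PIX 6.x `static`, `access-list`, `access-group` and `fixup` lines and reports forwards that the ACL bound to the mapped interface does not permit. The sample input is a constructed subset of the posted configuration, and `audit`, `port` and `NAMES` are illustrative names.

```python
# Added example; audit(), port() and NAMES are illustrative names, not PIX tooling.
NAMES = {"www": 80, "smtp": 25, "ftp": 21, "imap4": 143}  # subset of PIX port keywords

# Constructed sample: a subset of the configuration lines posted above.
SAMPLE = """\
no fixup protocol smtp 25
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any any eq www
access-list outside_access_in permit tcp any any eq smtp
access-list outside_access_in deny ip any any
static (inside,outside) tcp 22.214.171.124 www 172.16.0.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 18.104.22.168 55555 172.16.0.2 55555 netmask 255.255.255.255 0 0
static (inside,outside) tcp 22.214.171.124 smtp 172.16.0.2 smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

def port(tok):
    return NAMES.get(tok) or int(tok)

def audit(config):
    permits, statics, bound, fixups = {}, [], {}, {}
    for line in config.splitlines():
        t = line.split()
        neg = bool(t) and t[0] == "no"
        u = t[1:] if neg else t
        if u[:2] == ["fixup", "protocol"] and len(u) > 2:
            fixups[u[2]] = not neg              # inspection on/off per protocol
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "tcp"] and "eq" in t:
            permits.setdefault(t[1], set()).add(port(t[t.index("eq") + 1]))
        elif t[:1] == ["static"] and len(t) > 6 and t[2] == "tcp":
            # static (real_if,mapped_if) tcp mapped_ip mapped_port real_ip real_port ...
            mapped_if = t[1].strip("()").split(",")[1]
            statics.append((mapped_if, port(t[4]), t[5]))
        elif t[:1] == ["access-group"] and t[2:4] == ["in", "interface"] and len(t) > 4:
            bound[t[4]] = t[1]                  # interface name -> ACL name
    blocked, used = [], set()
    for ifname, mport, real_ip in statics:
        if mport in permits.get(bound.get(ifname), set()):
            used.add(mport)
        else:
            blocked.append((mport, real_ip))    # forwarded but hits the final deny
    all_permits = set().union(*permits.values())
    return {"blocked_forwards": blocked,
            "permits_without_static": sorted(all_permits - used),
            "smtp_fixup": fixups.get("smtp")}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On these lines the SMTP forward is permitted and SMTP fixup is reported as disabled; the only forward with no matching permit is TCP 55555 to 172.16.0.2.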