
Using a non-standard TCP port on PIX

I'm trying to find out how to set up a non-standard TCP port on PIX. For example, I'd like to set up SMTP and POP3 access for users who are coming from outside. Instead of using ports 25 and 110, I'd like to use non-standard ports for security purposes. While I was doing research, I found I can use PAM. Is this a possible option on PIX? I can't seem to run any of the commands.

I have 515E with 7.0(1).

Thanks.

Pete


Re: Using a non-standard TCP port on PIX

Yes, this is very much possible on PIX.

Let's assume that your internal mail server is 10.10.10.10 and the public IP for this mail server is 2.2.2.2. Now, you want to use 2525 for SMTP and 1100 for POP3. For this, you can use the following commands:

static (inside,outside) tcp 2.2.2.2 2525 10.10.10.10 2525

static (inside,outside) tcp 2.2.2.2 1100 10.10.10.10 1100

access-list outside_in permit tcp any host 2.2.2.2 eq 2525

access-list outside_in permit tcp any host 2.2.2.2 eq 1100

access-group outside_in in interface outside

clear xlate

I have assumed that "outside_in" is the access-group applied on the outside interface of PIX.

If you don't have a separate public IP address for the mail server and want to share the outside interface IP of the PIX, the commands would change slightly:

static (inside,outside) tcp interface 2525 10.10.10.10 2525

static (inside,outside) tcp interface 1100 10.10.10.10 1100

access-list outside_in permit tcp any interface outside eq 2525

access-list outside_in permit tcp any interface outside eq 1100

access-group outside_in in interface outside

clear xlate

Hope that helps.

Regards,

Vibhor.
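
A small audit of the configuration in the reply above, as an added example that is not part of the original post or any Cisco tooling: it parses the `static` port redirects, the `access-list` permits and the `access-group` binding, then reports for each published port whether a permit exists and whether that permit admits `any` source. The function name `audit`, the third `static` line in the sample, and the simplification that `interface <name>` in an ACL always refers to the static's mapped interface are assumptions made for illustration.

```python
import re

# Constructed sample: the reply's first command set plus one extra static
# (8080 -> 80) that has no matching access-list entry.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 2.2.2.2 2525 10.10.10.10 2525
static (inside,outside) tcp 2.2.2.2 1100 10.10.10.10 1100
static (inside,outside) tcp 2.2.2.2 8080 10.10.10.10 80
access-list outside_in permit tcp any host 2.2.2.2 eq 2525
access-list outside_in permit tcp any host 2.2.2.2 eq 1100
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) tcp (\S+) (\d+) (\S+) (\d+)")
ACL_RE = re.compile(
    r"^access-list (\S+)(?: extended)? permit tcp (any|host \S+|\S+ \S+) "
    r"(?:host (\S+)|interface (\S+)) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config):
    """Return (published, real, status) for every static TCP port redirect."""
    statics, acls, groups = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := ACL_RE.match(line):
            name, src, host, _ifc, port = m.groups()
            # "interface outside" in the ACL pairs with "interface" in the static
            acls.append((name, src, host or "interface", port))
        elif m := GROUP_RE.match(line):
            groups[m.group(2)] = m.group(1)   # interface name -> ACL name
    findings = []
    for _real_if, mapped_if, mapped, mport, real, rport in statics:
        acl = groups.get(mapped_if)           # ACL bound inbound on that interface
        sources = [s for n, s, d, p in acls
                   if n == acl and d == mapped and p == mport]
        if not sources:
            status = "no ACL permit"
        elif "any" in sources:
            status = "open to any source"
        else:
            status = "restricted source"
        findings.append((f"{mapped}:{mport}", f"{real}:{rport}", status))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(*row, sep="  ")
```

Both ports from the reply report as open to any source: moving SMTP and POP3 to 2525 and 1100 changes the port number, while the `permit tcp any` entries still admit every outside address.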
