Port Mapping Question on PIX F/W.

Hi There,

I'm new to PIX firewalls, so please bear with me.

I would like to get 2 external IP numbers pointing to the same internal IP address. Now I know this can be done via port mapping, but I'm having a little bit of trouble getting it working correctly. I have 2 external IP addresses, 80.80.80.90 and 80.80.80.92. Now the 80.80.80.90 is for OWA and currently points to 10.10.10.25, and the 80.80.80.92 address points to 10.10.10.36, and this is the Exchange server. What I would like to do is use OWA from the main Exchange server rather than the server that OWA sits on at the moment. The static routes currently set up are like so:

static (inside,outside) 80.80.80.92 10.10.10.25 netmask 255.255.255.255 0 0

static (inside,outside) 80.80.80.90 10.10.10.36 netmask 255.255.255.255 0 0

Obviously I need to remove this static address with the following commands:

no static (inside,outside) 80.80.80.92 10.10.10.25 netmask 255.255.255.255 0 0

no static (inside,outside) 80.80.80.90 10.10.10.36 netmask 255.255.255.255 0 0

And now I need to add in two new static routes:

static (inside,outside) tcp 80.80.80.90 smtp 10.10.10.36 smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp 80.80.80.92 https 10.10.10.36 https netmask 255.255.255.255 0 0

The only thing is that when I add these routes in, external emails stop routing and the OWA web address doesn't translate to the correct address. So I take it that I'm not adding in the new static routes correctly. Please could someone help me?

Many thanks,

Will

3 REPLIES

Re: Port Mapping Question on PIX F/W.

What you want to do is perfectly possible.

Please check the corresponding access-list to permit smtp and https from any source to the outside. (this should be OK if it is working in the old situation.)

Issue the command "clear xlate" to remove any previous entries.

Regards,

Leo

Re: Port Mapping Question on PIX F/W.

Thanks for the reply, Leo.

So just to double check, this is what I should be typing?

1. Make sure that there is an access-list for both internal addresses going to the correct ports.

2. Run the commands below to remove the old static routes.

no static (inside,outside) 80.80.80.90 10.10.10.36 netmask 255.255.255.255 0 0

no static (inside,outside) 80.80.80.92 10.10.10.26 netmask 255.255.255.255 0 0

3. Now run these to add in the new static routes.

static (inside,outside) tcp 80.80.80.90 smtp 10.10.10.36 smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp 80.80.80.92 https 10.10.10.36 https netmask 255.255.255.255 0 0

4. Run a clear xlate command.

Then test.

Thanks again, Leo.

Re: Port Mapping Question on PIX F/W.

There is one more thing to check:

Make sure that the ACL on the outside interface is applied. This is done with the global command: access group XXX outside. You should already have it in your config, but it may disappear when you make changes to the ACL or the statics. Do this check in step 4.

For the rest, this looks fairly OK to me. Give it a try and give us feedback when you run into trouble.

Regards,

Leo
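
The two checks raised in the replies (a permit entry for each forwarded port, and the ACL still bound to the outside interface) can be run against a saved configuration before testing. This is an added example, not part of the thread: the ACL name outside_in and the sample config are constructed, and the parser assumes permit lines of the simple form "access-list NAME permit tcp any host IP eq PORT".

```python
import re

# Constructed sample config using the thread's addresses; the ACL name
# "outside_in" is hypothetical. The https permit is left out on purpose.
SAMPLE_CONFIG = """\
access-list outside_in permit tcp any host 80.80.80.90 eq smtp
static (inside,outside) tcp 80.80.80.90 smtp 10.10.10.36 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 80.80.80.92 https 10.10.10.36 https netmask 255.255.255.255 0 0
access-group outside_in in interface outside
"""

# Only port-redirect statics (with tcp/udp) match; one-to-one statics are skipped.
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
PERMIT_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)")


def audit_port_statics(config):
    """Return findings for port-redirect statics that inbound traffic cannot
    reach: no ACL bound to the interface, or no permit for the mapped
    address and port. Port names are compared literally (smtp != 25)."""
    statics, bound, permits = [], {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)      # interface -> ACL name
        elif m := PERMIT_RE.match(line):
            permits.add(m.groups())             # (acl, proto, ip, port)
    findings = []
    for _real_if, mapped_if, proto, mapped_ip, mapped_port, _rip, _rport in statics:
        acl = bound.get(mapped_if)
        if acl is None:
            findings.append(f"{mapped_ip}:{mapped_port} no access-group on {mapped_if}")
        elif (acl, proto, mapped_ip, mapped_port) not in permits:
            findings.append(f"{mapped_ip}:{mapped_port} no permit in {acl}")
    return findings


if __name__ == "__main__":
    for finding in audit_port_statics(SAMPLE_CONFIG):
        print(finding)
```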
