PIX 515 routing question

barry.tsiu · ‎12-08-2005

Dear all experts

I have a trouble when configure the pix 515. I have config a public address (218.103.43.88) to allow a internal machine to access internet, this config is working fine. Now, i want to allow internet users to access the internal machines by using the port. Like port 25 redirect to SMTP server and port 80 redirect to my Web server. When i use the same IP address (218.103.43.88) to do the port redirection, pix shows "Overlap with another rule: static address translation for MailServer using 218.103.43.88 on intferface outside port mapping TCP 25 to 25"

Because i use 218.103.43.88 to do the internet connection and allow external user to access the SMTP and WEB server, how to configure it?

Please advice.

Thanks

BT

spremkumar · ‎12-09-2005

hi

AFAIK for accessing a mail server which is in the outside network u only need to have global,nat statements with route which gives u the default route statement to the outside interface.

but if you gotta mail server in the inside lan and want to give the access from the outside public network then u need to allow acess on the particular port in which the services are running as well as the mapping to an external ip address.

in this case u need to use up static as well access-list,acess-group commands to achieve the same..

i donno about which mapping you are talking over here for accessing the outside mail server..

would suggest to check these links for more info on the same..

Outside Mail Sever Access

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094467.shtml

Inside Mail Server Access

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

regds