Cisco Support Community

New Member

Changing port 25 and 110 in PIX 515E

We want to change these two ports to another number in our PIX 515E. We are using it for incoming and outgoing email. Can someone help with what we would change? Thanks so much!!!

10 REPLIES
New Member

Re: Changing port 25 and 110 in PIX 515E

Are you changing the port on your mail server as well? If so, then you just need to change your ACL entry to the new port. If, however, you are wanting to 'nat' the port, this is different... Which one are you doing?

Gold

Re: Changing port 25 and 110 in PIX 515E

static (inside,outside) tcp <outside_ip> 10000 <mail_server_ip> 25 netmask 255.255.255.255 0 0

static (inside,outside) tcp <outside_ip> 10001 <mail_server_ip> 100 netmask 255.255.255.255 0 0

access-list 100 permit tcp any host <outside_ip> eq 10000

access-list 100 permit tcp any host <outside_ip> eq 10001

access-group 100 in interface outside

With the sample commands above, the remote user needs to point to TCP port 10000 for SMTP and TCP port 10001 for POP3.

Gold

Re: Changing port 25 and 110 in PIX 515E

Just to follow up on Jack's post...

After applying those statics and ACLs, save with: write mem and then issue: clear xlate, so that the new translations are active.

Jay

Gold

Re: Changing port 25 and 110 in PIX 515E

Just another observation...

On Jack's static for POP3, it should be port 110 rather than port 100 !!!

:o))

Gold

Re: Changing port 25 and 110 in PIX 515E

Thanks for pointing it out, so the sample should be:

static (inside,outside) tcp <outside_ip> 10000 <mail_server_ip> 25 netmask 255.255.255.255 0 0

static (inside,outside) tcp <outside_ip> 10001 <mail_server_ip> 110 netmask 255.255.255.255 0 0

access-list 100 permit tcp any host <outside_ip> eq 10000

access-list 100 permit tcp any host <outside_ip> eq 10001

access-group 100 in interface outside

New Member

Re: Changing port 25 and 110 in PIX 515E

I will try this out! Thanks to you guys for your help!!! I will let ya know how it goes.

Gold

Re: Changing port 25 and 110 in PIX 515E

Just wondering how you go.

New Member

Re: Changing port 25 and 110 in PIX 515E

Hi there!

I am still having problems. What is happening is a machine is spamming out through our PIX. We are being blacklisted by Spamhaus and they have our firewall IP address. We are allowing all outbound traffic out. We want users to get to the Internet. Is there any way to block it or find out by a log file where it may be coming from? ANY suggestions would be appreciated! :)

Gold

Re: Changing port 25 and 110 in PIX 515E

Try this command on the PIX: "sh conn | in :25".

With the command above, the PIX will show all the current connections with port number 25. Then you may just observe the number of times an IP address appears, e.g. you may see a particular IP appear 100 times while another just appears 3 or 4 times.

However, this command will not yield any valuable result if the "naughty" host is spamming via the email server. The reason is that, from the PIX point of view, all email traffic will be originated from the email server, not the "naughty" host, thus the PIX will not be able to track it down. In that case, you would need some sort of monitoring tool for the email server instead.
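
The counting suggested in the reply above can be scripted over a saved copy of the "sh conn" output. This is an added example, not something posted in the thread: it assumes the PIX 6.x line layout "TCP out ip:port in ip:port ...", the sample lines and addresses are constructed, and smtp_talkers is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Assumed PIX 6.x "show conn" layout: TCP out <ip>:<port> in <ip>:<port> ...
CONN_RE = re.compile(
    r"^TCP out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) "
)

# Constructed sample output (documentation and private address ranges).
SAMPLE = """\
TCP out 198.51.100.10:25 in 192.168.1.50:1034 idle 0:00:02 Bytes 4120 flags UIO
TCP out 198.51.100.77:25 in 192.168.1.50:1035 idle 0:00:01 Bytes 3980 flags UIO
TCP out 203.0.113.5:25 in 192.168.1.50:1036 idle 0:00:01 Bytes 5121 flags UIO
TCP out 203.0.113.80:25 in 192.168.1.50:1037 idle 0:00:03 Bytes 2210 flags UIO
TCP out 198.51.100.10:25 in 192.168.1.10:2201 idle 0:00:10 Bytes 880 flags UIO
TCP out 203.0.113.9:41000 in 192.168.1.10:25 idle 0:00:05 Bytes 1500 flags UIOB
TCP out 198.51.100.200:80 in 192.168.1.23:2501 idle 0:00:07 Bytes 9100 flags UIO
"""


def smtp_talkers(show_conn_text, mail_server=None):
    """Return [(inside_ip, connections, distinct_destinations)] for outbound
    port-25 connections, busiest first, skipping the sanctioned mail server."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        # Only the remote (outside) port counts. A plain match on ":25" would
        # also hit inbound mail to the server and source ports such as :2501.
        if not m or m["out_port"] != "25":
            continue
        if m["in_ip"] == mail_server:
            continue
        conns[m["in_ip"]] += 1
        dests[m["in_ip"]].add(m["out_ip"])
    rows = [(ip, n, len(dests[ip])) for ip, n in conns.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    # Any host listed here is sending SMTP directly instead of via the server.
    for ip, n, d in smtp_talkers(SAMPLE, mail_server="192.168.1.10"):
        print(f"{ip}: {n} SMTP connections to {d} distinct servers")
```

A workstation with many connections to many distinct remote servers on port 25 is the one to inspect; as the reply notes, an empty result means the mail is leaving through the mail server itself.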

New Member

Re: Changing port 25 and 110 in PIX 515E

Thanks! I will give that a try and see. Thanks again for all your help! :)
