port forwarding on PIX506

kennedyit · ‎01-24-2006

I don't seem to be able to configure an SMTP port forwarding rule on the PIX506 device manager.

Can anyone tell me how to do this via PDM.

Is there an easier way to do it via CLI and how can I test the forwarding rule?

Thanks in advance

jackko · ‎01-24-2006

below are the sample codes for cli:

static (inside,outside) tcp interface 25 25 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 25

access-group inbound in interface outside

one way to verify the port forwarding and the inbound acl is to do "telnet 25" from a pc outside the pix, such as from the internet.

kennedyit · ‎01-24-2006

thanks.

I have set the rules through CLi and they seem to be accepted OK.

Are there any problems with having a router as the connection equipment that is performing NAT.

The rules on the router are set so that they allow all traffic.

I can access the internet from behind the PIX and the VPN is working fine. But I still don't see port 25 from outside the network.

Patrick Laidlaw · ‎01-24-2006

Hello,

So is your pix doing nat and your router doing nat? If so your going to have to statically nat smtp through your router to the pix ip address.

It will look something similar to this

ip nat inside source static tcp x.x.x.x 25 interface FastEthernet0/0 25

x.x.x.x being your pix outside interface ip address

Patrick

kennedyit · ‎01-25-2006

I'm not sure about the PIX, How do I check?

the router is, as the network can't see the internet if it doesn't.

i have a rule on the router (which isn't a cisco router) that allows all SMTP traffic through. the logs seem to be confirming this.

Wed, 2006-01-25 09:54:44 - TCP Packet - Source:xx.xx.xx.xx,xxxx Destination:192.168.2.2,25 - [SMTP match]

Can I check what packets are arriving at the outside interface of the PIX?