01-24-2006 02:18 AM - edited 03-09-2019 01:43 PM
I don't seem to be able to configure an SMTP port forwarding rule on the PIX506 device manager.
Can anyone tell me how to do this via PDM.
Is there an easier way to do it via CLI and how can I test the forwarding rule?
Thanks in advance
01-24-2006 02:43 AM
below are the sample codes for cli:
static (inside,outside) tcp interface 25
access-list inbound permit tcp any interface outside eq 25
access-group inbound in interface outside
one way to verify the port forwarding and the inbound acl is to do "telnet
01-24-2006 06:03 AM
thanks.
I have set the rules through CLi and they seem to be accepted OK.
Are there any problems with having a router as the connection equipment that is performing NAT.
The rules on the router are set so that they allow all traffic.
I can access the internet from behind the PIX and the VPN is working fine. But I still don't see port 25 from outside the network.
01-24-2006 10:43 AM
Hello,
So is your pix doing nat and your router doing nat? If so your going to have to statically nat smtp through your router to the pix ip address.
It will look something similar to this
ip nat inside source static tcp x.x.x.x 25 interface FastEthernet0/0 25
x.x.x.x being your pix outside interface ip address
Patrick
01-25-2006 01:58 AM
I'm not sure about the PIX, How do I check?
the router is, as the network can't see the internet if it doesn't.
i have a rule on the router (which isn't a cisco router) that allows all SMTP traffic through. the logs seem to be confirming this.
Wed, 2006-01-25 09:54:44 - TCP Packet - Source:xx.xx.xx.xx,xxxx Destination:192.168.2.2,25 - [SMTP match]
Can I check what packets are arriving at the outside interface of the PIX?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide