Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

port forwarding on PIX506

I don't seem to be able to configure an SMTP port forwarding rule on the PIX506 device manager.

Can anyone tell me how to do this via PDM.

Is there an easier way to do it via CLI and how can I test the forwarding rule?

Thanks in advance

4 REPLIES
Gold

Re: port forwarding on PIX506

below are the sample codes for cli:

static (inside,outside) tcp interface 25 25 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 25

access-group inbound in interface outside

one way to verify the port forwarding and the inbound acl is to do "telnet 25" from a pc outside the pix, such as from the internet.

New Member

Re: port forwarding on PIX506

thanks.

I have set the rules through CLi and they seem to be accepted OK.

Are there any problems with having a router as the connection equipment that is performing NAT.

The rules on the router are set so that they allow all traffic.

I can access the internet from behind the PIX and the VPN is working fine. But I still don't see port 25 from outside the network.

Re: port forwarding on PIX506

Hello,

So is your pix doing nat and your router doing nat? If so your going to have to statically nat smtp through your router to the pix ip address.

It will look something similar to this

ip nat inside source static tcp x.x.x.x 25 interface FastEthernet0/0 25

x.x.x.x being your pix outside interface ip address

Patrick

New Member

Re: port forwarding on PIX506

I'm not sure about the PIX, How do I check?

the router is, as the network can't see the internet if it doesn't.

i have a rule on the router (which isn't a cisco router) that allows all SMTP traffic through. the logs seem to be confirming this.

Wed, 2006-01-25 09:54:44 - TCP Packet - Source:xx.xx.xx.xx,xxxx Destination:192.168.2.2,25 - [SMTP match]

Can I check what packets are arriving at the outside interface of the PIX?

93
Views
0
Helpful
4
Replies