Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Port Forwarding problem

I have a PIX 515E behind my router (2600). I am trying to setup the PIX to forward SMTP to one server (192.168.1.4)and HTTPS to another server (192.168.1.11) using the same external IP address (192.168.100.10)

when I enter the information below on the pix, I can ONLY send email to my SMTP server, when I try to HTTPS my .11 server, it does not work and the SMTP server stops receiving email.

no static (inside,outside) 192.168.100.10 192.168.1.4 netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.100.10 smtp 192.168.1.4 smtp netmask 255.255.255.255 0 0

static (inside,outside) tcp 192.168.100.10 https 192.168.1.11 https netmask 255.255.255.255 0 0

clear xlate

More information:

the 192.168.100.10 is not my outside interface.

ACL

access-list ingress permit tcp any host 192.168.100.10 eq https

access-list ingress permit tcp any host 192.168.100.10 eq smtp

Once I undo the changes above, my email server starts working again.

What can I be missing?

4 REPLIES

Re: Port Forwarding problem

Config is ok. Do you see a message in the logg ?

How looks the NAT setup in the Router ?

sincerely

Patrick

New Member

Re: Port Forwarding problem

Thank you for your reply,

Here is the NAT on my router:

ip nat inside source static 192.168.100.10 XX.XX.XX.190 extendable

*The two servers SMTP and HTTPS*

ip nat inside source static 192.168.100.2 XX.XX.XX.193 extendable

** Firewall interface **

ip nat inside source static 192.168.100.14 XX.XX.XX.194 extendable

** Internal Web server ***

please let me know if you need more information,

THanks once more,

VC

Gold

Re: Port Forwarding problem

It looks you have on router one static nat for both SMTP and HTTPs

on router try this

no ip nat inside source static 192.168.100.10 XX.XX.XX.190 extendable

and replace with

ip nat iside source static tcp 192.168.100.10 443 XX.XX.XX.190 443 extendable

ip nat iside source static tcp 192.168.100.10 25 XX.XX.XX.190 25 extendable

Check also outside access list of router if SMTP and https communication is permitted to 192.168.100.10

M.

Hope that helps, rate if it does

New Member

Re: Port Forwarding problem

I tried and it did not work. is there a clear command I should enter in the router after changing the NATs?

I have the changes on the router and I will leave this way.

Should I make the changes and restart the devices?

Thanks,

VC

142
Views
0
Helpful
4
Replies