Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
0
Helpful
7
Replies

Port redirection issue

adrian.watmough
Level 1
Level 1

‎07-10-2003 04:15 AM - edited ‎03-09-2019 03:58 AM

Is it possible to redirect smtp traffic from 2 external addresses to 1 internal address?

I need to do this and get static overlap errors.

Setup is

192.168.199.1 (real address not shown) is inside mail server

there is no nat for this device so it goes out on the outside as 192.168.199.1

nat (inside) 0

static (inside, outside) 192.168.199.1 192.168.199.1 netmask 255.255.255.255

I have 2 addresses on the outside that I would like to redirect to the internal 192.168.199.1 address.

The commands that I would use are

static (inside,outside) tcp 195.106.x.x smtp 192.168.199.1 25 smtp netmask 255.255.255.255

static (inside,outside) tcp 193.132.x.x smtp 192.168.199.1 25 smtp netmask

255.255.255.255

Is it possible to do this?

Can 2 oustide addresses be mapped to one inside address?

Labels:
0 Helpful
7 Replies 7

HEATH FREEL
Level 1
Level 1

‎07-10-2003 04:22 AM

I think you have to modify the static and the internal server ports used for smtp.

for example

static (inside,outside) tcp 195.106.x.x smtp 192.168.199.1 1601netmask 255.255.255.255

static (inside,outside) tcp 193.132.x.x smtp 192.168.199.1 1602 netmask

255.255.255.255

If you have the abiity to change your mail server to listen for SMTP on diffenrent ports ( I picked 1601 and 1602 for no apparent reason ) then you should nt get overlaps.

0 Helpful

adrian.watmough
Level 1
Level 1
In response to HEATH FREEL

‎07-10-2003 04:27 AM

Thanks,

Tried that.

I still get the "error static overlaps" message when I enter the first static command.

I tried specifying a different ip address e.g. 192.168.199.10 and it accepted the first line. When I tried adding the second static line it said "static error".

Does it not allow you to have 2 redirects to the same address?

0 Helpful

HEATH FREEL
Level 1
Level 1
In response to adrian.watmough

‎07-10-2003 04:33 AM

I thought it would - I know that the intention of the command is opposite from what you are trying. - to allow you to use one outside IP for multiple inside services...

An example of my config shows that it would work if you used two differnet services on the outside ports as well - but that would detfeat the purpose of what you are trying to do.

Sorry I couldn't be more help.

0 Helpful

HEATH FREEL
Level 1
Level 1
In response to HEATH FREEL

‎07-10-2003 04:39 AM

Try again - but clear xlate first - I just tried it on a test box and it works.

static (DMZ,outside) tcp 207.1.1.1 smtp 10.1.1.1 1601 netmask

255.255.255.255

static (DMZ,outside) tcp 207.1.1.2 smtp 10.1.1.1 1602 netmask 255.255.255.255

If not upgrade to 6.3.1

Good Luck

0 Helpful

adrian.watmough
Level 1
Level 1
In response to HEATH FREEL

‎07-14-2003 02:34 AM

Already on 6.3.1

The problem I get is that the internal host already has a static mapping to an external address.

If I add the port redirection command I get an "ERROR: static overlaps" message.

0 Helpful

tvanginneken
Level 4
Level 4

‎07-10-2003 04:58 AM

Hi,

Is it possible to do this? Sorry, but it is not possible.

It is only possible is you define different services (so not smtp twice).

Kind Regards,

Tom

0 Helpful

jmia
Level 7
Level 7

‎07-10-2003 05:44 AM

Hi Adrian -

I don't know if you have read or seen this document, might be of help to you :

http://www.cisco.com/warp/public/707/28.html

Hope this helps --

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents