Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Port redirection issue

Is it possible to redirect smtp traffic from 2 external addresses to 1 internal address?

I need to do this and get static overlap errors.

Setup is

192.168.199.1 (real address not shown) is inside mail server

there is no nat for this device so it goes out on the outside as 192.168.199.1

nat (inside) 0

static (inside, outside) 192.168.199.1 192.168.199.1 netmask 255.255.255.255

I have 2 addresses on the outside that I would like to redirect to the internal 192.168.199.1 address.

The commands that I would use are

static (inside,outside) tcp 195.106.x.x smtp 192.168.199.1 25 smtp netmask 255.255.255.255

static (inside,outside) tcp 193.132.x.x smtp 192.168.199.1 25 smtp netmask

255.255.255.255

Is it possible to do this?

Can 2 oustide addresses be mapped to one inside address?

7 REPLIES
New Member

Re: Port redirection issue

I think you have to modify the static and the internal server ports used for smtp.

for example

static (inside,outside) tcp 195.106.x.x smtp 192.168.199.1 1601netmask 255.255.255.255

static (inside,outside) tcp 193.132.x.x smtp 192.168.199.1 1602 netmask

255.255.255.255

If you have the abiity to change your mail server to listen for SMTP on diffenrent ports ( I picked 1601 and 1602 for no apparent reason ) then you should nt get overlaps.

New Member

Re: Port redirection issue

Thanks,

Tried that.

I still get the "error static overlaps" message when I enter the first static command.

I tried specifying a different ip address e.g. 192.168.199.10 and it accepted the first line. When I tried adding the second static line it said "static error".

Does it not allow you to have 2 redirects to the same address?

New Member

Re: Port redirection issue

I thought it would - I know that the intention of the command is opposite from what you are trying. - to allow you to use one outside IP for multiple inside services...

An example of my config shows that it would work if you used two differnet services on the outside ports as well - but that would detfeat the purpose of what you are trying to do.

Sorry I couldn't be more help.

New Member

Re: Port redirection issue

Try again - but clear xlate first - I just tried it on a test box and it works.

static (DMZ,outside) tcp 207.1.1.1 smtp 10.1.1.1 1601 netmask

255.255.255.255

static (DMZ,outside) tcp 207.1.1.2 smtp 10.1.1.1 1602 netmask 255.255.255.255

If not upgrade to 6.3.1

Good Luck

New Member

Re: Port redirection issue

Already on 6.3.1

The problem I get is that the internal host already has a static mapping to an external address.

If I add the port redirection command I get an "ERROR: static overlaps" message.

Re: Port redirection issue

Hi,

Is it possible to do this? Sorry, but it is not possible.

It is only possible is you define different services (so not smtp twice).

Kind Regards,

Tom

Gold

Re: Port redirection issue

Hi Adrian -

I don't know if you have read or seen this document, might be of help to you :

http://www.cisco.com/warp/public/707/28.html

Hope this helps --

331
Views
0
Helpful
7
Replies