Cisco Support Community

New Member

Port redirection on PIX525 with multiple public IP addresses


We have a bunch of public IP addresses, on our PIX 525, which we have statically mapped to internal hosts (one by one) using the following command:

static (inside,outside) 210.XXX.XXX.XXX netmask 0 0

We then use rules in an ACL to permit for example pop3 traffic from the Internet to access the public IP as follows:

access-list PUBLICIN permit tcp any host 210.XXX.XXX.XXX eq pop3

This works fine, and allows only the open ports to access that public IP address, and therefore only that port can access the Internal host.

We have taken away one of the entries and replaced it with the following:

static (inside,outside) tcp 210.XXX.XXX.XXX 65284 smtp 0 0

static (inside,outside) tcp 210.XXX.XXX.XXX imap4 imap4 0 0

static (inside,outside) tcp 210.XXX.XXX.XXX pop3 pop3 0 0

We also added an entry in the ACL to permit port 65284 to 210.XXX.XXX.XXX.

The pop3 and imap ports work fine, but if you telnet to the public IP on the port 65284, it won't go through.

We are doing this for security reasons I guess (to avoid publishing port 25 straight to the Internet). This server does not receive incoming email so having the port like this does not make problems for mail, it is mostly for remote users sending mail through our server.

Any ideas why this might not be working?
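An added example, not part of the original post: a small Python check that cross-references port-redirect `static` lines against `access-list ... permit` lines, using the ACL form shown above, where the permit names the public IP and the published port. The addresses, the `audit` and `to_port` helpers, and the sample config (including its deliberate smtp/65284 mismatch) are constructed for illustration.

```python
import re

# Constructed sample: placeholder addresses, and an ACL that permits smtp (25)
# where the redirect publishes 65284. Not the poster's actual configuration.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 203.0.113.10 65284 10.0.0.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 imap4 10.0.0.5 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 pop3 10.0.0.5 pop3 netmask 255.255.255.255 0 0
access-list PUBLICIN permit tcp any host 203.0.113.10 eq pop3
access-list PUBLICIN permit tcp any host 203.0.113.10 eq imap4
access-list PUBLICIN permit tcp any host 203.0.113.10 eq smtp
"""

# Port keywords that appear on this page, with their well-known numbers.
PORT_NAMES = {"smtp": 25, "pop3": 110, "imap4": 143}

# static (inside,outside) <proto> <public_ip> <public_port> <local_ip> <local_port> ...
STATIC_RE = re.compile(r"static \(inside,outside\) (tcp|udp) (\S+) (\S+) \S+ \S+")
# access-list <name> permit <proto> any host <public_ip> eq <port>
ACL_RE = re.compile(r"access-list \S+ permit (tcp|udp) any host (\S+) eq (\S+)")


def to_port(token):
    """Accept a PIX port keyword or a number."""
    return PORT_NAMES.get(token) or int(token)


def audit(config):
    """Return (problem, proto, public_ip, port) tuples for redirect/ACL mismatches."""
    published, permitted = [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            published.append((m[1], m[2], to_port(m[3])))
        elif m := ACL_RE.match(line):
            permitted.add((m[1], m[2], to_port(m[3])))
    # Only judge permits on IPs that use port redirection; one-to-one statics are out of scope.
    pat_ips = {ip for _, ip, _ in published}
    findings = [("no-permit", *p) for p in published if p not in permitted]
    findings += [("no-static", *p) for p in sorted(permitted - set(published))
                 if p[1] in pat_ips]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A `no-permit` finding is a published port the ACL does not allow in; a `no-static` finding is a permit left open for a port that no redirect publishes on that IP.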


New Member

Re: Port redirection on PIX525 with multiple public IP addresses

Did you do a 'clear arp' & 'clear xlate'? If so, do a 'show xlate' & 'show conn' to look at the translations.