Cisco Support Community

Trying to create router Port redirect on router IOS (or firewall)

We are trying to create a port redirect from an outside email server to our internal mail server. We'd like the router to convert inbound smtp traffic from a particular remote host (4.4.4.1) to tcp 2525 instead of the default tcp 25 port. We tried 'ip port-map smtp port 2525 list 99' with 'access-list 99 permit 4.4.4.1' but that did not work.

We then tried a route-map/static tcp NAT combination recommended by the Cisco TAC but it does not work:

Topology:

inside mail server ip 3.3.3.2 <---> NAT router <----> outside host 4.4.4.1

Here is the config pretty much in its entirety:

!
ip cef
!
interface Multilink1
 ip address 216.226.201.x 255.255.255.252
 no cdp enable
 ppp multilink
 ppp multilink fragment disable
 ppp multilink group 1
!
interface FastEthernet0/0
 ip address 3.3.3.1 255.255.255.0
 ip accounting output-packets
 no ip mroute-cache
 speed 100
 full-duplex
 no cdp enable
!
interface Serial0/0
 bandwidth 1536
 no ip address
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 load-interval 30
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1
 description PTP with Qwest
 bandwidth 1536
 no ip address
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 load-interval 30
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
ip route 0.0.0.0 0.0.0.0 216.226.151.x
!
no ip http server
no ip http secure-server
!
no logging trap
ip nat inside source static tcp 3.3.3.2 2525 3.3.3.2 25 route-map TLS extendable
access-list 100 permit tcp host 3.3.3.2 host 4.4.4.1 eq 25
!
no cdp run
!
route-map TLS permit 10
 match ip address 100
!
end

The above config kept locking up our Internet traffic. The tech said it worked in their lab environment but later said the above configuration is not supported.

Can someone help me with the above config to accomplish what we are trying to do? I've been told that we need to run firewall IOS and configure the above edge router like a firewall instead of a router but I am at a loss on how it should be configured.

Thanx,

1 REPLY

Re: Trying to create router Port redirect on router IOS (or fire

Instead of this:

ip nat inside source static tcp 3.3.3.2 2525 3.3.3.2 25 route-map TLS extendable

it should be:

ip nat inside source static tcp 3.3.3.2 2525 216.226.201.x 25 route-map TLS extendable

You should have another translation for all other traffic; for ex:

ip nat inside source route-map all-nat interface mu1 overload
access-list 101 permit ip 3.3.3.x 0.0.0.255 any
route-map all-nat permit 10
 match ip add 101

You will also need:

int Mu1
 ip nat outside
int f0/0
 ip nat inside

HTH pls rate!
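A pre-deployment check for the three points raised in the reply, as an added example that is not part of the original thread and not a Cisco tool. The function `lint_nat` and its finding codes are hypothetical names, the two config strings are constructed from lines posted above, and only full IOS keywords are parsed (abbreviations such as `int` or `mu1` are not expanded).

```python
import re

# ip nat inside source static {tcp|udp} <local-ip> <local-port> <global-ip> <global-port>
STATIC = re.compile(r"^ip nat inside source static (?:tcp|udp) (\S+) (\d+) (\S+) (\d+)")
OVERLOAD = re.compile(r"^ip nat inside source (?:list|route-map) \S+ (?:interface|pool) \S+.*\boverload\b")

def lint_nat(config):
    """Return finding codes for the NAT problems the reply points out."""
    roles, statics, overload, current = {}, [], False, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]      # enter interface context
        elif line == "!":
            current = None                        # "!" closes the block
        elif line in ("ip nat inside", "ip nat outside") and current:
            roles[current] = line.split()[-1]     # record NAT role per interface
        elif (m := STATIC.match(line)):
            statics.append((m.group(1), m.group(3)))   # (local ip, global ip)
        elif OVERLOAD.match(line):
            overload = True
    findings = []
    if any(local == glob for local, glob in statics):
        findings.append("static-maps-address-to-itself")
    if (statics or overload) and not {"inside", "outside"} <= set(roles.values()):
        findings.append("missing-ip-nat-inside-or-outside")
    if statics and not overload:
        findings.append("no-overload-rule-for-other-traffic")
    return findings

# Constructed sample: the NAT-relevant lines of the config posted in the question.
POSTED = """\
interface Multilink1
!
interface FastEthernet0/0
!
ip nat inside source static tcp 3.3.3.2 2525 3.3.3.2 25 route-map TLS extendable
"""
# Constructed sample: the reply's lines, with interface names written out in full.
SUGGESTED = """\
interface Multilink1
 ip nat outside
!
interface FastEthernet0/0
 ip nat inside
!
ip nat inside source static tcp 3.3.3.2 2525 216.226.201.x 25 route-map TLS extendable
ip nat inside source route-map all-nat interface Multilink1 overload
"""
```

`lint_nat(POSTED)` reports all three findings and `lint_nat(SUGGESTED)` reports none; the check is purely syntactic and does not evaluate the route-map or ACL contents.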
