Cisco Support Community

PIX 7.2/8.0 port redirect problem

Dear Sir,

I have a PIX configured to allow internal users to access the internet, and to allow external users to access internal FTP, HTTP and email.

The problem is that external users cannot access HTTP and FTP, and mail cannot be received from outside.

This is my configuration:

hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted

interface Ethernet0
 nameif outside
 security-level 0
 ip address ********

interface Ethernet1
 nameif inside
 security-level 100
 ip address

passwd 2KFQnbNIdI.2KYOU encrypted
no ftp mode passive
access-list access-in extended permit tcp any any eq ftp
access-list access-in extended permit icmp any any
access-list access-in extended permit tcp any any eq 3389
access-list access-in extended permit tcp any any eq smtp
access-list access-in extended permit tcp any any eq http
pager lines 24
logging enable
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10
static (inside,outside) tcp ***** ftp ftp netmask
static (inside,outside) tcp **** http http netmask
static (inside,outside) tcp **** smtp smtp netmask
access-group access-in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list

class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map
 message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
policy-map global_poliy
 class inspection_default

service-policy global_policy global
prompt hostname context


Re: PIX 7.2/8.0 port redirect problem

Try this if the public address you are using is also the outside interface address...

static (inside,outside) tcp interface ftp ftp netmask
static (inside,outside) tcp interface http http netmask
static (inside,outside) tcp interface smtp smtp netmask
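
The check suggested in the reply, as an added example that is not part of the original thread: a small Python lint that finds static PAT lines whose mapped address is the mapped interface's own address and rewrites them with the `interface` keyword. It assumes the pre-8.3 form `static (real_if,mapped_if) tcp mapped_ip mapped_port real_ip real_port netmask mask`; the sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample config (RFC 5737 / RFC 1918 addresses), not the poster's.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
static (inside,outside) tcp 192.0.2.1 ftp 10.0.0.10 ftp netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.5 http 10.0.0.11 http netmask 255.255.255.255
static (inside,outside) tcp interface smtp 10.0.0.12 smtp netmask 255.255.255.255
"""

# Assumed syntax: static (real_if,mapped_if) proto mapped_ip mport real_ip rport netmask mask
STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask (\S+)")

def interface_addresses(config):
    """Map each nameif to the IP address configured in its interface block."""
    addrs, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            name = None  # new interface block, nameif not seen yet
        elif words[:1] == ["nameif"] and len(words) > 1:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) > 2:
            addrs[name] = words[2]
    return addrs

def check_static_pat(config):
    """Return rewritten static lines whose mapped IP is the mapped interface's own IP."""
    addrs = interface_addresses(config)
    fixes = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m is None:
            continue
        real_if, mapped_if, proto, mapped_ip, mport, real_ip, rport, mask = m.groups()
        if mapped_ip != "interface" and mapped_ip == addrs.get(mapped_if):
            fixes.append(f"static ({real_if},{mapped_if}) {proto} interface "
                         f"{mport} {real_ip} {rport} netmask {mask}")
    return fixes

if __name__ == "__main__":
    print("\n".join(check_static_pat(SAMPLE_CONFIG)))
```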