[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 294
  • Last Modified:

Port Forwarding Question - Cisco Pix Firewall

We have a Cisco Pix Firewall v 6.1(4) that is fully configured and operational. E-mail comes in and goes to our Exchange server (10.156.0.30) Http requests come in and go to Exchange also for Outlook Web Access. We purchased a Barracuda spam firewall (10.156.0.113) and are trying to change the internal ip that smtp goes to while leaving Http requests as is.

I have tried various settings and cannot get this to work. Here are some of the lines from the original configuration.

access-list acl_inbound permit tcp any host 65.196.229.211 eq smtp
access-list acl_inbound permit tcp any host 65.196.229.211 eq http
alias (inside) 10.156.0.30 65.196.229.211 255.255.255.255
static (inside,outside) 65.196.229.211 10.156.0.30 netmask 255.255.255.255 0 0

I removed the alias and static lines and added this line:

static (inside,outside) tcp 65.196.229.211 smtp 10.156.0.113 smtp netmask 255.255.255.255 0 0

I saved the configuration (I think?) "write terminal" and then "write memory" yet mail still goes to 10.156.0.30

Nowhere in the config does 10.156.0.30 show up yet somehow the smtp packets still go there. How do I fix this to do what I want?

Thanks for the help.



0
amkbailey
Asked:
amkbailey
1 Solution
 
lrmooreCommented:
See if this is what you did:

no static (inside,outside) 65.196.229.211 10.156.0.30 netmask 255.255.255.255 0 0
no alias (inside) 10.156.0.30 65.196.229.211 255.255.255.255
clear xlate
static (inside,outside) tcp 65.196.229.211 smtp 10.156.0.113 smtp dns netmask 255.255.255.255
static (inside,outside) tcp 65.196.229.211 https 10.156.0.30 https dns netmask 255.255.255.255

If your v 6.1(4) chokes on the "dns" entry of the static above, then just don't put it in. This is the "new" version of "alias" command on 6.3(x). Highly suggest you upgrade to latest 6.3(4) and latest 3.02 PDM versions.


0
 
amkbaileyAuthor Commented:
Thanks!

It was the clear xlate command that did the trick.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now