Solved

Cisco Pix 515e allow inbound and outbound traffic on port 25 for fixed LAN ip address

Posted on 2009-12-30
Last Modified: 2012-05-08
I have a Cisco PIX 515E and I need to open port 25 for both inbound and outbound traffic on a local fixed IP address.  I have pretty good knowledge of the Cisco command line.  I'm just not sure how I should put it in my configuration.
0
Question by:dman19691
8 Comments
 
LVL 17

Expert Comment

by:rochey2009
ID: 26146906
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml#topic9

Hi,

Have a look at the section called "Partial PIX Configuration - Port Redirection(Forwarding)", which shows an example of what you're trying to do.
0
 
LVL 4

Expert Comment

by:nasirsh
ID: 26147076
You can try this

static (inside,outside) Public_IP Private_IP netmask 255.255.255.255
static (inside,inside) Public_IP Private_IP netmask 255.255.255.255

and then
 
access-list internet extended permit tcp any host IP eq 25
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26147689
Hi,

These are the only lines that you need:

static (inside,outside) tcp Public_IP 25 Private_IP 25 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host IP eq 25
access-group outside_access_in in interface outside

Best regards,
Istvan
0

Author Comment

by:dman19691
ID: 26148528
The IOS did not like the second command line.  What is extended?  Plus at the end of host you have IP?  What address am I putting in there?  I'm on PIX version 6.3.  Thanks.
0
 
LVL 7

Expert Comment

by:joelvp
ID: 26149136
- Just leave the extended out; PIX 6.3 does not know about extended yet
- IP should be the Public_IP (just the IP, no need to add a subnet mask)

Rgds, Joel
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 2000 total points
ID: 26151091
Hi,

In this case you need the following:

static (inside,outside) tcp Public_IP 25 Private_IP 25 netmask 255.255.255.255
access-list outside_access_in permit tcp any host IP eq 25
access-group outside_access_in in interface outside
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 32477974
Hi,

Did you try my suggestion?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 32770442
My commands are working...

Don't forget to add 'clear xlate'
0
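A small checker for the three-line recipe in this thread, added here as an example (not code from any poster or from Cisco): it parses a PIX 6.3-style config and flags the two problems raised above, the 'extended' keyword and an ACL that names the private address, plus a missing access-group binding. The addresses 192.0.2.10 and 10.0.0.25, the sample configs and the function name check_port_forward are assumptions made for illustration.

```python
import re

# Constructed sample configs (documentation addresses, not from the thread).
GOOD = """\
static (inside,outside) tcp 192.0.2.10 25 10.0.0.25 25 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 192.0.2.10 eq 25
access-group outside_access_in in interface outside
"""
BAD = """\
static (inside,outside) tcp 192.0.2.10 25 10.0.0.25 25 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 10.0.0.25 eq 25
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) \S+ netmask")
ACL_RE = re.compile(r"^access-list (\S+) (extended )?permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
PORTS = {"smtp": "25"}  # the config may show the port by name instead of number

def check_port_forward(config, pix63=True):
    """Return findings for every static TCP port redirect found in config."""
    statics, acls, groups, findings = [], [], {}, []
    for line in (l.strip() for l in config.splitlines()):
        if m := STATIC_RE.match(line):  # (mapped_if, public_ip, public_port, private_ip)
            statics.append((m.group(2), m.group(3), PORTS.get(m.group(4), m.group(4)), m.group(5)))
        elif m := ACL_RE.match(line):   # (acl_name, dest_ip, dest_port)
            acls.append((m.group(1), m.group(3), PORTS.get(m.group(4), m.group(4))))
            if pix63 and m.group(2):
                findings.append(f"'{m.group(1)}': 'extended' keyword is not accepted by PIX 6.3")
        elif m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(2)
    for mapped_if, public_ip, public_port, private_ip in statics:
        hits = [a for a in acls if a[1] == public_ip and a[2] == public_port]
        if not hits:
            if any(a[1] == private_ip for a in acls):
                findings.append(f"ACL names private address {private_ip}; use public {public_ip}")
            else:
                findings.append(f"no ACL permits tcp/{public_port} to {public_ip}")
        elif not any(groups.get(a[0]) == mapped_if for a in hits):
            findings.append(f"ACL for {public_ip} has no access-group on '{mapped_if}'")
    return findings

if __name__ == "__main__":
    print(check_port_forward(GOOD), check_port_forward(BAD), sep="\n")
```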
