Cisco PIX Hardening Port Forward
Posted on 2010-09-14
I am trying to set up this PIX 5.0 to only allow SMTP to come from a specific range of addresses. I have defined a group "ISPSMTP" covering this range and have also set up the port forwarding. Everything works great, but I can't figure out how to block all SMTP connections except those from the defined group.
I tried setting up a rule to only allow ISPSMTP to the Exchange server. It appears to work, but when I apply the settings, it changes the rule from the Exchange server to the IP of their old email server.
I checked all the definitions and there is nothing left that associates port 25 with the old server. So I don't know why the PIX tries to change it. I have tried defining the rule by name and also IP of the new server, but it always changes back.
This is all in the GUI as I am not a Cisco person. If anyone has heard of this issue or has an idea how to solve it, that would be great.