Cisco Port mapping problem

Posted on 2011-03-04
Last Modified: 2012-05-11
I am trying to do a simple Port map on my Cisco IOS.

trying to map smtp to port 2525 for a specific host 192.168.x.x where my exchange server is.

the PROBLEM i run into is my interface has an EXTENDED access rule and i can not for the LIFE of me seem to apply the port map to the extended ACL. HERE is what im looking to do:

Overriding a System-Defined Port Mapping Example

In this example, a specific host runs HTTP services on port 25, which is the system-defined port number for SMTP services. This requires a host-specific PAM entry that overrides the system-defined default port mapping for HTTP, which is port 80. ACL 15 identifies the host address (, while port 25 is mapped with HTTP services.

access-list 15 permit
ip port-map smtp port 2525 list 15

problem is that example i took from a cisco site is usint a STANDARD ACL mine is extended and since you can only have 1 ACL per direction i can't apply my port map because when i do this it refuses to work

access-list 109 extended permit
ip port-map smtp port 2525 list 15
Question by:mxrider_420
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4

Expert Comment

ID: 35041602
It's verry simple please use as per below
ip nat inside source static tcp 2525 interface Dialer1 2525> internal exchange server
Dialer1------------> WAN Interface
LVL 15

Expert Comment

by:greg ward
ID: 35042001
access-list 109 extended permit
ip port-map smtp port 2525 list 15

did you mean

access-list 109 extended permit
ip port-map smtp port 2525 list 109


Author Comment

ID: 35043592
Author:vikrantambhore --> I already have that nat rule ... still not working

Greg: that is exactly what i have been trying and it pukes:

check it out:

ROUTER3A-EXCHANGE(config)#access-list 109 extended permit
% Invalid input detected at '^' marker.

ROUTER3A-EXCHANGE(config)#ip port-map smtp port 2525 list 109
% Invalid input detected at '^' marker.
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?


Author Comment

ID: 35045007
this is a strange error that i cant understand. like if my interface uses a extended acl then why cant i create a port map with that?

Accepted Solution

mxrider_420 earned 0 total points
ID: 35046374
Modify acl to a standard, apply a port map and then add new rule to group. forward port to host.

Author Closing Comment

ID: 35107024
Not a full answer but shows the steps

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses
Course of the Month11 days, 5 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question