Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Port mapping problem

Posted on 2011-03-04
6
Medium Priority
?
803 Views
Last Modified: 2012-05-11
I am trying to do a simple Port map on my Cisco IOS.

trying to map smtp to port 2525 for a specific host 192.168.x.x where my exchange server is.

the PROBLEM i run into is my interface has an EXTENDED access rule and i can not for the LIFE of me seem to apply the port map to the extended ACL. HERE is what im looking to do:

Overriding a System-Defined Port Mapping Example

In this example, a specific host runs HTTP services on port 25, which is the system-defined port number for SMTP services. This requires a host-specific PAM entry that overrides the system-defined default port mapping for HTTP, which is port 80. ACL 15 identifies the host address (192.168.33.33), while port 25 is mapped with HTTP services.

access-list 15 permit 192.168.33.33
ip port-map smtp port 2525 list 15

problem is that example i took from a cisco site is usint a STANDARD ACL mine is extended and since you can only have 1 ACL per direction i can't apply my port map because when i do this it refuses to work

access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15
0
Comment
Question by:mxrider_420
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 6

Expert Comment

by:vikrantambhore
ID: 35041602
It's verry simple please use as per below
ip nat inside source static tcp 192.168.2.2 2525 interface Dialer1 2525


192.168.2.2------> internal exchange server
Dialer1------------> WAN Interface
0
 
LVL 15

Expert Comment

by:greg ward
ID: 35042001
access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15

did you mean

access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 109

Greg
0
 
LVL 1

Author Comment

by:mxrider_420
ID: 35043592
Author:vikrantambhore --> I already have that nat rule ... still not working

Greg: that is exactly what i have been trying and it pukes:

check it out:

ROUTER3A-EXCHANGE(config)#access-list 109 extended permit 192.168.1.57
                                          ^
% Invalid input detected at '^' marker.

ROUTER3A-EXCHANGE(config)#ip port-map smtp port 2525 list 109
                                                            ^
% Invalid input detected at '^' marker.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:mxrider_420
ID: 35045007
this is a strange error that i cant understand. like if my interface uses a extended acl then why cant i create a port map with that?
0
 
LVL 1

Accepted Solution

by:
mxrider_420 earned 0 total points
ID: 35046374
Answer:
Modify acl to a standard, apply a port map and then add new rule to group. forward port to host.
0
 
LVL 1

Author Closing Comment

by:mxrider_420
ID: 35107024
Not a full answer but shows the steps
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question