• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 854
  • Last Modified:

Cisco Port mapping problem

I am trying to do a simple Port map on my Cisco IOS.

trying to map smtp to port 2525 for a specific host 192.168.x.x where my exchange server is.

the PROBLEM i run into is my interface has an EXTENDED access rule and i can not for the LIFE of me seem to apply the port map to the extended ACL. HERE is what im looking to do:

Overriding a System-Defined Port Mapping Example

In this example, a specific host runs HTTP services on port 25, which is the system-defined port number for SMTP services. This requires a host-specific PAM entry that overrides the system-defined default port mapping for HTTP, which is port 80. ACL 15 identifies the host address (192.168.33.33), while port 25 is mapped with HTTP services.

access-list 15 permit 192.168.33.33
ip port-map smtp port 2525 list 15

problem is that example i took from a cisco site is usint a STANDARD ACL mine is extended and since you can only have 1 ACL per direction i can't apply my port map because when i do this it refuses to work

access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15
0
mxrider_420
Asked:
mxrider_420
  • 4
1 Solution
 
vikrantambhoreCommented:
It's verry simple please use as per below
ip nat inside source static tcp 192.168.2.2 2525 interface Dialer1 2525


192.168.2.2------> internal exchange server
Dialer1------------> WAN Interface
0
 
greg wardSystems EngineerCommented:
access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15

did you mean

access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 109

Greg
0
 
mxrider_420Author Commented:
Author:vikrantambhore --> I already have that nat rule ... still not working

Greg: that is exactly what i have been trying and it pukes:

check it out:

ROUTER3A-EXCHANGE(config)#access-list 109 extended permit 192.168.1.57
                                          ^
% Invalid input detected at '^' marker.

ROUTER3A-EXCHANGE(config)#ip port-map smtp port 2525 list 109
                                                            ^
% Invalid input detected at '^' marker.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
mxrider_420Author Commented:
this is a strange error that i cant understand. like if my interface uses a extended acl then why cant i create a port map with that?
0
 
mxrider_420Author Commented:
Answer:
Modify acl to a standard, apply a port map and then add new rule to group. forward port to host.
0
 
mxrider_420Author Commented:
Not a full answer but shows the steps
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now