Cisco Port mapping problem

Posted on 2011-03-04
Last Modified: 2012-05-11
I am trying to do a simple Port map on my Cisco IOS.

trying to map smtp to port 2525 for a specific host 192.168.x.x where my exchange server is.

the PROBLEM i run into is my interface has an EXTENDED access rule and i can not for the LIFE of me seem to apply the port map to the extended ACL. HERE is what im looking to do:

Overriding a System-Defined Port Mapping Example

In this example, a specific host runs HTTP services on port 25, which is the system-defined port number for SMTP services. This requires a host-specific PAM entry that overrides the system-defined default port mapping for HTTP, which is port 80. ACL 15 identifies the host address (, while port 25 is mapped with HTTP services.

access-list 15 permit
ip port-map smtp port 2525 list 15

problem is that example i took from a cisco site is usint a STANDARD ACL mine is extended and since you can only have 1 ACL per direction i can't apply my port map because when i do this it refuses to work

access-list 109 extended permit
ip port-map smtp port 2525 list 15
Question by:mxrider_420
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4

Expert Comment

ID: 35041602
It's verry simple please use as per below
ip nat inside source static tcp 2525 interface Dialer1 2525> internal exchange server
Dialer1------------> WAN Interface
LVL 15

Expert Comment

by:greg ward
ID: 35042001
access-list 109 extended permit
ip port-map smtp port 2525 list 15

did you mean

access-list 109 extended permit
ip port-map smtp port 2525 list 109


Author Comment

ID: 35043592
Author:vikrantambhore --> I already have that nat rule ... still not working

Greg: that is exactly what i have been trying and it pukes:

check it out:

ROUTER3A-EXCHANGE(config)#access-list 109 extended permit
% Invalid input detected at '^' marker.

ROUTER3A-EXCHANGE(config)#ip port-map smtp port 2525 list 109
% Invalid input detected at '^' marker.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 35045007
this is a strange error that i cant understand. like if my interface uses a extended acl then why cant i create a port map with that?

Accepted Solution

mxrider_420 earned 0 total points
ID: 35046374
Modify acl to a standard, apply a port map and then add new rule to group. forward port to host.

Author Closing Comment

ID: 35107024
Not a full answer but shows the steps

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACL deny / Permit 10 56
Opening Ports for Specific LAN IP Address on Juniper SRX240 3 82
X.509 Cert Upload to Cisco WAP 6 58
Cisco Click-to-call API question 5 16
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question