mxrider_420
Cisco Port mapping problem
I am trying to do a simple port map on my Cisco IOS.
I'm trying to map SMTP to port 2525 for a specific host 192.168.x.x where my Exchange server is.
The PROBLEM I run into is my interface has an EXTENDED access rule and I cannot for the LIFE of me seem to apply the port map to the extended ACL. HERE is what I'm looking to do:
Overriding a System-Defined Port Mapping Example
In this example, a specific host runs HTTP services on port 25, which is the system-defined port number for SMTP services. This requires a host-specific PAM entry that overrides the system-defined default port mapping for HTTP, which is port 80. ACL 15 identifies the host address (192.168.33.33), while port 25 is mapped with HTTP services.
access-list 15 permit 192.168.33.33
ip port-map smtp port 2525 list 15
The problem is that the example I took from a Cisco site is using a STANDARD ACL; mine is extended, and since you can only have 1 ACL per direction I can't apply my port map, because when I do this it refuses to work:
access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15
access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15
did you mean
access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 109
Greg
ASKER
Author:vikrantambhore --> I already have that nat rule ... still not working
Greg: that is exactly what I have been trying and it pukes.
Check it out:
ROUTER3A-EXCHANGE(config)# access-lis t 109 extended permit 192.168.1.57
^
% Invalid input detected at '^' marker.
ROUTER3A-EXCHANGE(config)# ip port-map smtp port 2525 list 109
^
% Invalid input detected at '^' marker.
ASKER
This is a strange error that I can't understand. If my interface uses an extended ACL, then why can't I create a port map with that?
ASKER CERTIFIED SOLUTION
ASKER
Not a full answer but shows the steps
ip nat inside source static tcp 192.168.2.2 2525 interface Dialer1 2525
192.168.2.2------> internal exchange server
Dialer1------------> WAN Interface
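
A pre-flight check for the two rejected commands shown earlier in the thread, added here as an example (it is not code from the thread or from Cisco). It assumes, per Cisco's PAM command documentation, that the list argument of ip port-map takes a standard numbered ACL (taken here as 1-99) and that numbered access-list lines take no "extended" keyword; check_pam and both sample configs are constructed for illustration.

```python
import re

# Assumption (Cisco PAM documentation, not this thread): "list" on
# "ip port-map" is a standard numbered ACL, taken here as 1-99.
STANDARD_RANGE = range(1, 100)
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(\S+)")
PAM_RE = re.compile(
    r"^ip port-map\s+(\S+)\s+port\s+(?:(?:tcp|udp)\s+)?(\d+)(?:\s+list\s+(\d+))?"
)


def check_pam(config: str) -> list[str]:
    """Return findings for numbered ACL lines and host-specific PAM lines."""
    findings, defined = [], set()
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:  # pass 1: numbered ACL definitions
        m = ACL_RE.match(line)
        if not m:
            continue
        number, action = int(m.group(1)), m.group(2)
        if action not in ("permit", "deny", "remark", "dynamic"):
            findings.append(f"ACL {number}: unexpected keyword '{action}' after the number")
        else:
            defined.add(number)
    for line in lines:  # pass 2: PAM entries that reference an ACL
        m = PAM_RE.match(line)
        if not m or m.group(3) is None:
            continue
        app, port, acl = m.group(1), m.group(2), int(m.group(3))
        if acl not in STANDARD_RANGE:
            findings.append(f"port-map {app}/{port}: list {acl} is not a standard ACL (1-99)")
        elif acl not in defined:
            findings.append(f"port-map {app}/{port}: list {acl} is not defined")
    return findings


# Constructed samples modelled on the commands quoted in the thread.
REJECTED = """
access-list 109 extended permit 192.168.1.57
ip port-map smtp port 2525 list 109
"""
PASSING = """
access-list 15 permit 192.168.33.33
access-list 109 permit tcp any host 192.168.33.33 eq 2525
ip port-map smtp port 2525 list 15
"""

if __name__ == "__main__":
    for name, cfg in (("rejected", REJECTED), ("passing", PASSING)):
        print(name, check_pam(cfg) or "no findings")
```

The ACL named in a PAM entry only selects hosts and is not bound to an interface, which is why the PASSING sample can carry a standard ACL for PAM next to the extended ACL used for filtering.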