Solved

Cisco Port mapping problem

Posted on 2011-03-04
Last Modified: 2012-05-11
I am trying to do a simple port map on my Cisco IOS.

Trying to map SMTP to port 2525 for a specific host, 192.168.x.x, where my Exchange server is.

The problem I run into is that my interface has an extended access rule, and I cannot for the life of me seem to apply the port map to the extended ACL. Here is what I'm looking to do:

Overriding a System-Defined Port Mapping Example

In this example, a specific host runs HTTP services on port 25, which is the system-defined port number for SMTP services. This requires a host-specific PAM entry that overrides the system-defined default port mapping for HTTP, which is port 80. ACL 15 identifies the host address (192.168.33.33), while port 25 is mapped with HTTP services.

access-list 15 permit 192.168.33.33
ip port-map smtp port 2525 list 15

The problem is that the example I took from a Cisco site is using a standard ACL. Mine is extended, and since you can only have 1 ACL per direction I can't apply my port map, because when I do this it refuses to work:

access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15
Question by:mxrider_420

6 Comments

Expert Comment

by:vikrantambhore
ID: 35041602
It's very simple; please use as per below:
ip nat inside source static tcp 192.168.2.2 2525 interface Dialer1 2525


192.168.2.2------> internal exchange server
Dialer1------------> WAN Interface

Expert Comment

by:deepdraw
ID: 35042001
access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 15

Did you mean

access-list 109 extended permit 192.168.33.33
ip port-map smtp port 2525 list 109

Greg

Author Comment

by:mxrider_420
ID: 35043592
Author:vikrantambhore --> I already have that NAT rule ... still not working.

Greg: that is exactly what I have been trying, and it pukes.

Check it out:

ROUTER3A-EXCHANGE(config)#access-list 109 extended permit 192.168.1.57
                                          ^
% Invalid input detected at '^' marker.

ROUTER3A-EXCHANGE(config)#ip port-map smtp port 2525 list 109
                                                            ^
% Invalid input detected at '^' marker.

Author Comment

by:mxrider_420
ID: 35045007
This is a strange error that I can't understand. If my interface uses an extended ACL, then why can't I create a port map with that?

Accepted Solution

by:mxrider_420
ID: 35046374
Answer:
Modify the ACL to a standard one, apply a port map and then add the new rule to the group. Forward the port to the host.

Author Closing Comment

by:mxrider_420
ID: 35107024
Not a full answer but shows the steps
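
The accepted solution above, as an added example that is not part of the original thread: a small Python check that flags the two commands the router rejected and passes the standard-ACL form. The function names are hypothetical, the sample configs are constructed from the commands quoted in the thread, and the ACL number ranges (including the 1-99 limit on the PAM list argument) are assumptions about classic IOS.

```python
import re

# Classic IOS numbered-ACL ranges (assumption; the thread does not list them).
STANDARD = [(1, 99), (1300, 1999)]
EXTENDED = [(100, 199), (2000, 2699)]
PAM_LIST_MAX = 99  # assumption: "list" takes a standard ACL numbered 1-99

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(\S+)")
PAM_RE = re.compile(r"^ip port-map\s+(\S+)\s+port\s+(?:(?:tcp|udp)\s+)?(\d+)(?:\s+list\s+(\d+))?")

def acl_kind(number):
    """Return 'standard', 'extended' or 'unknown' for a numbered ACL."""
    if any(lo <= number <= hi for lo, hi in STANDARD):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED):
        return "extended"
    return "unknown"

def lint_port_maps(config):
    """Return sorted (line_no, message) findings for PAM/ACL mismatches."""
    findings, defined = [], set()
    lines = [l.strip() for l in config.splitlines()]
    for no, line in enumerate(lines, 1):
        m = ACL_RE.match(line)
        if m:
            defined.add(int(m.group(1)))
            if m.group(2) == "extended":
                findings.append((no, "numbered ACL takes no 'extended' keyword; "
                                     "the number range selects the type"))
    for no, line in enumerate(lines, 1):
        m = PAM_RE.match(line)
        if not m or m.group(3) is None:
            continue  # not a port-map line, or no host-specific list
        acl = int(m.group(3))
        if acl_kind(acl) != "standard" or acl > PAM_LIST_MAX:
            findings.append((no, f"port-map for {m.group(1)}/{m.group(2)} references ACL {acl} "
                                 f"({acl_kind(acl)}); PAM list needs a standard ACL numbered 1-99"))
        elif acl not in defined:
            findings.append((no, f"port-map references ACL {acl}, which this config does not define"))
    return sorted(findings)

# Constructed inputs based on the commands quoted in the thread.
REJECTED = "access-list 109 extended permit 192.168.1.57\nip port-map smtp port 2525 list 109\n"
ACCEPTED = "access-list 15 permit 192.168.1.57\nip port-map smtp port 2525 list 15\n"

if __name__ == "__main__":
    for no, msg in lint_port_maps(REJECTED):
        print(f"line {no}: {msg}")
```

The standard ACL referenced by the port map only selects which hosts the mapping applies to; it is separate from the extended ACL applied to the interface.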