pix 501 port redirection

 
 
gefunk
08-30-2006
Hey guys, I am completely stuck with this port redirection problem. I had the PIX forwarding the ports to my Exchange mail server yesterday. But all of a sudden today the PIX wouldn't let the traffic through to the mail server. I can't figure out what is going on. Please HELP!!! I am posting my config to the forum.

Thanks,
rahul

P.S. I have tried to follow so many other configs but all of them fail. Please let me know what I am doing wrong here. I know my mailserver because I can access it on the internal LAN.

My setup is INTERNET ---> PIX ----> Internal LAN

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password Dtz5T/b57zithj.d encrypted
passwd XMXqv.PfYjShc4N6 encrypted
hostname pixfirewall
domain-name guru.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.10 mailserver
access-list aclOUTSIDE permit ip any any
access-list inbound-outside permit tcp host 69.38.87.178 any eq 8080
access-list inbound permit tcp any host 69.38.87.178 eq 8080
access-list aclVPN permit ip 192.168.1.0 255.255.255.0 149.2.53.0 255.255.255.0

access-list aclNONAT permit ip 192.168.1.0 255.255.255.0 149.2.53.0 255.255.255.0
access-list outside_in permit tcp any host 69.38.87.178 eq telnet
access-list outside_in permit tcp any host 69.38.87.178 eq ftp
access-list outside_in permit tcp any host 69.38.87.178 eq smtp
access-list outside_in permit tcp any host 69.38.87.178 eq www
access-list outside_in permit tcp any host 69.38.87.178 eq 8080
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 69.38.87.178 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list aclNONAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface telnet mailserver telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www mailserver www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp mailserver smtp netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 69.38.87.190 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set setAC esp-des esp-md5-hmac
crypto ipsec transform-set setAC3DES esp-3des esp-md5-hmac
crypto map acmap 10 ipsec-isakmp
crypto map acmap 10 match address aclVPN
crypto map acmap 10 set peer 149.2.53.19
crypto map acmap 10 set transform-set setAC3DES
crypto map acmap interface outside
isakmp enable outside
isakmp key ******** address 149.2.53.19 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 15
console timeout 0
dhcpd address 192.168.1.100-192.168.1.131 inside
dhcpd dns 207.217.120.83 207.217.126.81
dhcpd lease 366000
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
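
A check for the configuration posted above, as an added example that is not part of the original post: on PIX 6.x an inbound static port redirect also needs a matching access-list permit that is bound to the outside interface with access-group, and this script reports which redirects have one. The function name audit_redirects is hypothetical, the sample is an excerpt of the posted config with wrapped lines joined, and only "permit tcp any host ... eq ..." entries with the port written the same way as in the static are considered.

```python
import re

# Excerpt of the configuration posted above (wrapped lines joined).
POSTED = """\
ip address outside 69.38.87.178 255.255.255.240
access-list outside_in permit tcp any host 69.38.87.178 eq telnet
access-list outside_in permit tcp any host 69.38.87.178 eq smtp
access-list outside_in permit tcp any host 69.38.87.178 eq www
static (inside,outside) tcp interface telnet mailserver telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www mailserver www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp mailserver smtp netmask 255.255.255.255 0 0
"""

STATIC = re.compile(r"^static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+)")
ACL = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface outside")
OUTSIDE_IP = re.compile(r"^ip address outside (\S+)")

def audit_redirects(config):
    """Return {outside_port: status} for each TCP port redirect in a PIX 6.x config."""
    lines = [l.strip() for l in config.splitlines()]
    outside_ip = next((m.group(1) for l in lines if (m := OUTSIDE_IP.match(l))), None)
    bound = {m.group(1) for l in lines if (m := GROUP.match(l))}  # ACLs applied inbound
    permits = {}  # (destination ip, port) -> names of ACLs that permit it
    for l in lines:
        if m := ACL.match(l):
            permits.setdefault((m.group(2), m.group(3)), set()).add(m.group(1))
    report = {}
    for l in lines:
        if not (m := STATIC.match(l)):
            continue
        addr, port = m.group(1), m.group(2)
        # "interface" means the redirect uses the outside interface address itself.
        dest = outside_ip if addr == "interface" else addr
        acls = permits.get((dest, port), set())
        if not acls:
            report[port] = "no permit entry"
        elif acls & bound:
            report[port] = "permitted by bound ACL " + ", ".join(sorted(acls & bound))
        else:
            report[port] = "permit exists but ACL not bound: " + ", ".join(sorted(acls))
    return report

if __name__ == "__main__":
    for port, status in audit_redirects(POSTED).items():
        print(f"{port}: {status}")
```
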