Redirect SMTP traffic

Discussion in 'Cisco' started by dandav, Aug 16, 2007.

  1. dandav

    dandav

    Joined:
    Aug 16, 2007
    Messages:
    3
    Currently outside (public) ip is mapped to internal address of Small Business Server. Allow HTTP, HTTPS, POP3, SMTP and 4125 to ip 1.2.3.4. I have added a new server for email scanning and need SMTP to flow to this server 1.2.3.5 instead of existing server but everything else to remain as is. Is there a way to do this in the PIX? Thanks.
    dandav, Aug 16, 2007
    #1
    1. Advertising

  2. dandav

    NateVR

    Joined:
    Aug 16, 2007
    Messages:
    9
    Did you do the inital config?

    Just use the config for the current SMTP Nat and ACL and redo it for the new server.

    Are your ACLs individual or are you using a service group?
    NateVR, Aug 16, 2007
    #2
    1. Advertising

  3. dandav

    dandav

    Joined:
    Aug 16, 2007
    Messages:
    3
    I didn't do the initial config. We are without a Cisco guy right now so I am trying to stumble through this. I can look at the current config.
    dandav, Aug 16, 2007
    #3
  4. dandav

    NateVR

    Joined:
    Aug 16, 2007
    Messages:
    9
    Look for the access list statements for SMTP, HTTP, etc and see if they are all within one line or if there is a seperate ACL for each.

    If there is a statement for strictly SMTP you should be able to change the config for that individual one after you add a nat for your new host.
    NateVR, Aug 16, 2007
    #4
  5. dandav

    dandav

    Joined:
    Aug 16, 2007
    Messages:
    3
    I have:

    access-list WEBMAIL permit tcp any host xx.xx.xx.xx eq smtp

    there is also:

    static (inside,outside) xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.255 0 0
    access-group WEBMAIL in interface outside
    route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
    dandav, Aug 16, 2007
    #5
  6. dandav

    NateVR

    Joined:
    Aug 16, 2007
    Messages:
    9
    Without being able to line the xs up it is a little hard to say, I would guess the static nat statement you listed lined up with the ip on the webmail acl.

    Are you only allowed 1 external IP? If so, you will probably need to add a line line this...

    static (inside,outside) tcp outsideIP 25 internalIPofNewMailserver 25 netmask 255.255.255.255 0 0

    Just a guess though so try after hours.

    Now that I think about it I think you would need a nat statement with "interface" if you only had 1 IP, maybe you have multiple outside IPs you can use? If so, you could pick a new IP and not use the port numbers in the static statement.

    Then, change your ACL to the new IP you set.
    Last edited: Aug 16, 2007
    NateVR, Aug 16, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Albert
    Replies:
    3
    Views:
    3,403
    Barry Margolin
    Jul 21, 2004
  2. Gibo_ie

    Traffic redirect on a 1601R

    Gibo_ie, Oct 1, 2004, in forum: Cisco
    Replies:
    4
    Views:
    588
    martingibney@gmail.com
    Oct 4, 2004
  3. mimiseh
    Replies:
    3
    Views:
    836
  4. rem2500@gmail.com
    Replies:
    1
    Views:
    626
    Walter Roberson
    Jan 24, 2006
  5. thomas
    Replies:
    6
    Views:
    777
    thomas
    Sep 2, 2006
Loading...

Share This Page