Redirect SMTP traffic

Currently outside (public) ip is mapped to internal address of Small Business Server. Allow HTTP, HTTPS, POP3, SMTP and 4125 to ip 1.2.3.4. I have added a new server for email scanning and need SMTP to flow to this server 1.2.3.5 instead of existing server but everything else to remain as is. Is there a way to do this in the PIX? Thanks.

 

Did you do the inital config?

Just use the config for the current SMTP Nat and ACL and redo it for the new server.

Are your ACLs individual or are you using a service group?

 

I didn't do the initial config. We are without a Cisco guy right now so I am trying to stumble through this. I can look at the current config.

 

Look for the access list statements for SMTP, HTTP, etc and see if they are all within one line or if there is a seperate ACL for each.

If there is a statement for strictly SMTP you should be able to change the config for that individual one after you add a nat for your new host.

 

I have:

access-list WEBMAIL permit tcp any host xx.xx.xx.xx eq smtp

there is also:

static (inside,outside) xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.255 0 0
access-group WEBMAIL in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1

 

Without being able to line the xs up it is a little hard to say, I would guess the static nat statement you listed lined up with the ip on the webmail acl.

Are you only allowed 1 external IP? If so, you will probably need to add a line line this...

static (inside,outside) tcp outsideIP 25 internalIPofNewMailserver 25 netmask 255.255.255.255 0 0

Just a guess though so try after hours.

Now that I think about it I think you would need a nat statement with "interface" if you only had 1 IP, maybe you have multiple outside IPs you can use? If so, you could pick a new IP and not use the port numbers in the static statement.

Then, change your ACL to the new IP you set.