Redirect SMTP traffic

Discussion in 'Cisco' started by dandav, Aug 16, 2007.

  1. dandav

    dandav

    Currently the outside (public) IP is mapped to the internal address of the Small Business Server. Allow HTTP, HTTPS, POP3, SMTP and 4125 to IP 1.2.3.4. I have added a new server for email scanning and need SMTP to flow to this server 1.2.3.5 instead of the existing server, but everything else to remain as is. Is there a way to do this in the PIX? Thanks.
     
    dandav, Aug 16, 2007
    #1

  2. dandav

    NateVR

    Did you do the initial config?

    Just use the config for the current SMTP NAT and ACL and redo it for the new server.

    Are your ACLs individual or are you using a service group?
     
    NateVR, Aug 16, 2007
    #2

  3. dandav

    dandav

    I didn't do the initial config. We are without a Cisco guy right now so I am trying to stumble through this. I can look at the current config.
     
    dandav, Aug 16, 2007
    #3
  4. dandav

    NateVR

    Look for the access list statements for SMTP, HTTP, etc. and see if they are all within one line or if there is a separate ACL for each.

    If there is a statement for strictly SMTP, you should be able to change the config for that individual one after you add a NAT for your new host.
     
    NateVR, Aug 16, 2007
    #4
  5. dandav

    dandav

    I have:

    access-list WEBMAIL permit tcp any host xx.xx.xx.xx eq smtp

    there is also:

    static (inside,outside) xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.255 0 0
    access-group WEBMAIL in interface outside
    route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
     
    dandav, Aug 16, 2007
    #5
  6. dandav

    NateVR

    Without being able to line the xs up it is a little hard to say; I would guess the static NAT statement you listed lines up with the IP on the WEBMAIL ACL.

    Are you only allowed 1 external IP? If so, you will probably need to add a line like this...

    static (inside,outside) tcp outsideIP 25 internalIPofNewMailserver 25 netmask 255.255.255.255 0 0

    Just a guess though so try after hours.

    Now that I think about it, I think you would need a NAT statement with "interface" if you only had 1 IP. Maybe you have multiple outside IPs you can use? If so, you could pick a new IP and not use the port numbers in the static statement.

    Then, change your ACL to the new IP you set.
     
    Last edited: Aug 16, 2007
    NateVR, Aug 16, 2007
    #6
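A way to check how the ACL permits and static translations line up before and after a change like the one discussed above. This is an added example, not part of the original thread: the `audit` function, its status labels and the sample config (documentation and private addresses) are constructed here, and it assumes explicit IPs in the `static` lines rather than the `interface` keyword.

```python
import re

# Constructed sample config: a one-to-one static plus a port-specific
# static for SMTP on the same outside IP, as the thread's suggestion would create.
SAMPLE = """\
access-list WEBMAIL permit tcp any host 203.0.113.10 eq smtp
access-list WEBMAIL permit tcp any host 203.0.113.10 eq www
access-list WEBMAIL permit tcp any host 203.0.113.11 eq pop3
static (inside,outside) 203.0.113.10 192.168.1.4 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.5 smtp netmask 255.255.255.255 0 0
"""

PORTS = {"smtp": 25, "www": 80, "https": 443, "pop3": 110}
ACL = re.compile(r"^access-list \S+ permit tcp any host (\S+) eq (\S+)")
PORT_STATIC = re.compile(r"^static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+)")
IP_STATIC = re.compile(r"^static \(inside,outside\) (\d\S*) (\d\S*)")

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def audit(config):
    """Return one finding per ACL permit: (outside_ip, port, inside_targets, status)."""
    permits, port_map, ip_map = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            permits.append((m[1], port(m[2])))
        elif m := PORT_STATIC.match(line):
            port_map[(m[1], port(m[2]))] = (m[3], port(m[4]))
        elif m := IP_STATIC.match(line):
            ip_map[m[1]] = m[2]
    findings = []
    for ip, p in permits:
        targets = []
        if (ip, p) in port_map:           # port-specific static for this permit
            targets.append("%s:%d" % port_map[(ip, p)])
        if ip in ip_map:                  # one-to-one static covers every port
            targets.append("%s:%d" % (ip_map[ip], p))
        status = ("no-translation" if not targets else
                  "overlap-review" if len(targets) > 1 else "ok")
        findings.append((ip, p, targets, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A permit marked `no-translation` opens a port toward an address nothing is mapped to, and `overlap-review` marks an outside IP claimed by both a one-to-one and a port-specific static, which should be resolved deliberately rather than left to the device.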
