port forwarding on primary ip

[JackyZhang]

I tried to do nating on our primary ip of PIX515e, like this:
access-list acl-outside permit tcp any host 142.142.142.142 eq www
static (inside,outside) tcp 142.142.142.142

http://www 10.1.0.239

http://www netmask

255.255.255.255 0 0

access-list rules works for other static mapping, for example smtp,

http://www on

different ip address.

but it doesn't work on primary ip, my question is "Can we do port fordwarding on primary ip address of PIX?"

Thanks,

Jacky Zhang
CNE,MCSE

 

[KiscoKid]

Try:

static (inside,outside) tcp interface

http://www 10.1.0.239

http://www netmask

255.255.255.255 0 0

 

[JackyZhang]

Thanks,

Jacky Zhang
CNE,MCSE

 

[BlitzCan]

I'm having a similar problem. I need to configure a PIX 501 to allow inbound SMTP connections to an Exchange server. Simple enough, yes, and I've done this before on a PIX 515E without problems, but can't seem to make it work this time.

Here are the pertinent excepts from the config:

global (outside) 1 interface
access-list outside_in permit tcp any interface outside eq smtp
static (inside,outside) tcp interface smtp 172.18.142.254 smtp netmask 255.255.255.255 0 0
access-group outside_in in interface outside

Thanks in advance!

 

[BlitzCan]

I thought I should mention that when I try and telnet into the router on port 25 from an external connection, it isn't rejected. Instead, it appears to connect, but then the cursor just sits there, and key inputs dont echo. Eventually, the connection drops though. I'm familiar with the "200 *****************" response from fixup smtp, but this is truly bizarre. If I try to telnet on any other port, it simply gets rejected, which tells me that something is happening on port 25.

Oh, and telnet port 25 connections to the actual server's internal IP are fine, and are greeted with the usual Exchange messages. So, that's not the problem either.

Thanks again!