Redirect Ports

[kgrinberg]

Hello! Currently my Firewall is setup to translate my public IP to my Private IP For my Mail Server.

static (inside,outside) 65.x.x.x 192.x.x.x netmask 255.255.255.255 0 0

There is also a ACL to allow all traffic to this ip on port 25 to be allowed.

access-list inside_access_in permit tcp host 192.x.x.x any eq smtp

I was just told that I need the firewall to redirect the port for the mail. Exchange server will need to process it on a different port, ex. 2525. To change the static rule, I had to remove the ACL, then I put the static rule back using the port redirection and put the same ACL back. Now all Mail traffic at port 25 is being denied. Can someone advise what is the proper way to handle this.
Thank You!

 

[mtashiro]

Yoou do not need to redirect unless you want it to go to a non-standard port. For example: Web traffic coming in (port 80) goes to server expecting web traffic on port 9999.

In your case you just need the static and the ACL however your ACL is not correct. You need to use the outside IP in the acl not the inside:

access-list inside_access_in permit tcp host 65.x.x.x any eq smtp