FAQ  Search  Memberlist  Usergroups  Register  Profile  Private messages  Log in

PIC 501 Redirect IP

Forum Index -> comp.dcom.sys.cisco

Author	Message
Robert Guest	Posted: Tue Apr 18, 2006 12:35 pm    Post subject: PIC 501 Redirect IP Hello I have 2 PIX 501 i want to move 1 emial server from 1 place to another can i redirect IP? for example old IP was 80.80.80.80 and new is 90.90.90.90 (in different location) It ist possible? object-group service tcp_mail tcp description tcp portts for email port-object eq www port-object eq https port-object eq pop3 port-object eq smtp access-list outside_access_in permit tcp any host 80.80.80.80 object-group tcp_mail static (inside,outside) 80.80.80.80 80.80.80.80 netmask 255.255.255.255 0 0 Thank you Robert
Back to top
AM Guest	Posted: Tue Apr 18, 2006 12:58 pm    Post subject: Re: PIC 501 Redirect IP Robert wrote: Quote: Hello I have 2 PIX 501 i want to move 1 emial server from 1 place to another can i redirect IP? for example old IP was 80.80.80.80 and new is 90.90.90.90 (in different location) It ist possible? object-group service tcp_mail tcp description tcp portts for email port-object eq www port-object eq https port-object eq pop3 port-object eq smtp access-list outside_access_in permit tcp any host 80.80.80.80 object-group tcp_mail static (inside,outside) 80.80.80.80 80.80.80.80 netmask 255.255.255.255 0 0 Thank you Robert clear xlate no static (inside,outside) 80.80.80.80 80.80.80.80 netmask 255.255.255.255 0 0 static (inside,outside) 90.90.90.90 90.90.90.90 netmask 255.255.255.255 0 0 Take note of the position of old rule in the outside_access_in ACL no access-list outside_access_in permit tcp any host 80.80.80.80 object-group tcp_mail access-list outside_access_in line <put here the position of the old rule> permit tcp any host 90.90.90.90 object-group tcp_mail access-group outside_access_in in interface outside What does "in different location" mean? Alex
Back to top
Robert Guest	Posted: Tue Apr 18, 2006 1:19 pm    Post subject: Re: PIC 501 Redirect IP Quote: clear xlate no static (inside,outside) 80.80.80.80 80.80.80.80 netmask 255.255.255.255 0 0 static (inside,outside) 90.90.90.90 90.90.90.90 netmask 255.255.255.255 0 0 Take note of the position of old rule in the outside_access_in ACL no access-list outside_access_in permit tcp any host 80.80.80.80 object-group tcp_mail access-list outside_access_in line <put here the position of the old rule permit tcp any host 90.90.90.90 object-group tcp_mail access-group outside_access_in in interface outside What does "in different location" mean? Thank you in different location means - at the moment mail server is in Datacenter we want to move inhouse (do not ask me why - company deicided) i created another MX record pointed to new IP but some of the users will forgot (likke always) to change SMTP/POP3 servers that is the reason wy i want to redirect IPs datacenter IP's are (for example) 80.80.80.80 and office 90.90.90.90 The problem is that PIX in datacenter has no access to 90.90.90.90 network that is i am worried about static (inside,outside) 90.90.90.90 90.90.90.90 netmask 255.255.255.255 0 0 but i will try Thanks again Robert
Back to top
Walter Roberson Guest	Posted: Tue Apr 18, 2006 5:34 pm    Post subject: Re: PIC 501 Redirect IP In article <e228hg$52r$1@pop-news.nl.colt.net>, Robert <mor_feusz@tlen.pl> wrote: Quote: I have 2 PIX 501 i want to move 1 emial server from 1 place to another can i redirect IP? for example old IP was 80.80.80.80 and new is 90.90.90.90 (in different location) It ist possible? If you mean that you want incoming traffic to 80.80.80.80 to be redirected to the external IP address 90.90.90.90 [at your other site], then the answer is NO. The PIX 501 will never send traffic back out the same interface it was received on, so the incoming 80.80.80.80 cannot be redirected out that interface back to the internet for delivery to 90.90.90.90 .
Back to top
Robert Guest	Posted: Tue Apr 18, 2006 8:06 pm    Post subject: Re: PIC 501 Redirect IP Quote: If you mean that you want incoming traffic to 80.80.80.80 to be redirected to the external IP address 90.90.90.90 [at your other site], then the answer is NO. The PIX 501 will never send traffic back out the same interface it was received on, so the incoming 80.80.80.80 cannot be redirected out that interface back to the internet for delivery to 90.90.90.90 . ok I will have to change DNS record and point to specific IP (it they will forget) Thank you Walter Regards Robert
Back to top
Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First

	Forum Index -> comp.dcom.sys.cisco	All times are GMT
Page 1 of 1