Announcement

Collapse
No announcement yet.

PIX 506e seems to be port forwarding to wrong machine

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • PIX 506e seems to be port forwarding to wrong machine

    Please forgive my very limited Cisco knowledge. I know only basic commands.

    Ok, so we have a Cisco PIX 506e which is port forwarding various stuff to various servers. current config is;


    Code:
    static (inside,outside) tcp interface 123 192.168.174.213 123 netmask 255.255.255.255 0 0 
    static (inside,outside) udp interface ntp 192.168.174.213 ntp netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface 3101 192.168.174.213 3101 netmask 255.255.255.255 0 0 
    static (inside,outside) udp interface 1234 192.168.174.210 1234 netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface 3389 192.168.174.14 3389 netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface pptp 192.168.174.16 pptp netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface smtp 192.168.174.13 smtp netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface www 192.168.174.15 www netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface https 192.168.174.13 https netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface pop3 192.168.174.13 pop3 netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface imap4 192.168.174.13 imap4 netmask 255.255.255.255 0 0 
    static (inside,outside) tcp interface 993 192.168.174.13 993 netmask 255.255.255.255 0 0
    Now, our new Exchange server is running on ip .13, old one was .213. However, when someone tries to access the OWA, or any site running on https that is on our server, they get the site that is hosted on the old server, not the new one. Its like its port forwarding to the old address.

    What I have done:
    OK so the setting was to go to .213, so I telnet into the router, enable, conf t, run "no static (inside,outside) tcp interface https 192.168.174.213 https netmask 255.255.255.255 0 0" then "static (inside,outside) tcp interface https 192.168.174.13 https netmask 255.255.255.255 0 0" then wr mem. sh conf shows the above, so it looks like its worked, but for some reason external STILL goes to the old server...

    Have I done a stupid?

    Thanks in advance.
    James
    MCP

  • #2
    Re: PIX 506e seems to be port forwarding to wrong machine

    Try doing a:

    pixfirewall#clear xlate
    CCNA, Network+

    Comment


    • #3
      Re: PIX 506e seems to be port forwarding to wrong machine

      Thanks. I tried that, I tried removing the entry again, re-inputting etc etc. Still no joy.

      I contacting my brother-in-law who is accredited in Cisco, who took a look at my config and said that all looked good. He suggested removing the entry, restart the box, replace the entry, restart the box. Voilš! that worked. all works fine now. Must have gotten itself cached and confused and the 2 restarts cleared that out or something. Either way, I'm happy
      James
      MCP

      Comment

      Working...
      X