Routing email from the internet to exchange server in DMZ

Unanswered Question
Oct 24th, 2007

I have an Exchange server sitting in my DMZ, IP addy 10.x.x.x. In my PIX I made a static(DMZ,outside) 10.x.x.x 208.x.x.x, to NAT the 10.x.x.x addy to a public IP of 208.x.x.x. Also in the PIX I added acl outside permit tcp any 208.x.x.x eq smtp. In my outside router I added a permit tcp any 208.x.x.x eq smtp entry. Will this work? Any help would be great.

sundar.palaniappan Wed, 10/24/2007 - 15:04

The configuration is correct for the most part, except for the static, where the addresses are reversed. The mapped address should be the first one, followed by the real address of the server. The syntax should be:

static(DMZ,outside) 208.x.x.x 10.x.x.x



alvarezromeo Wed, 10/24/2007 - 17:22

Thanks Sundar,

So making the change you suggested, why would I not be getting mail across? Are there any other entries I could make?

alvarezromeo Wed, 10/24/2007 - 18:36

Can you make sense of this? I think SMTP is allowed in but not out. What entries would I make?

Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3743 dst outside: by access-group "DMZ"

Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3744 dst outside: by access-group "DMZ"

sundar.palaniappan Wed, 10/24/2007 - 19:23

Add this entry to the DMZ access list to allow traffic out from the server.

access-list DMZ permit tcp host any eq smtp
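
The deny messages quoted in this thread can be summarized mechanically to see which access-group is dropping which traffic. The following is an added example, not part of the original thread: a Python parser for %PIX-4-106023 lines, where the sample log is constructed (documentation addresses) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog; the third line mimics the redacted "dst outside:" form.
SAMPLE_LOG = """\
Oct 24 20:50:13 172.16.0.1 %PIX-4-106023: Deny tcp src DMZ:10.0.0.5/3743 dst outside:192.0.2.25/25 by access-group "DMZ"
Oct 24 20:50:13 172.16.0.1 %PIX-4-106023: Deny tcp src DMZ:10.0.0.5/3744 dst outside:198.51.100.7/25 by access-group "DMZ"
Oct 24 20:50:13 172.16.0.1 %PIX-4-106023: Deny tcp src DMZ:10.0.0.5/3745 dst outside: by access-group "DMZ"
Oct 24 20:50:14 172.16.0.1 %PIX-4-106023: Deny udp src DMZ:10.0.0.5/1025 dst outside:192.0.2.53/53 by access-group "DMZ"
Oct 24 20:50:15 172.16.0.1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/40211 dst DMZ:10.0.0.5/110 by access-group "outside"
Oct 24 20:50:16 172.16.0.1 %PIX-6-302013: Built inbound TCP connection 42 for outside:203.0.113.9/40212 (203.0.113.9/40212) to DMZ:10.0.0.5/25 (10.0.0.5/25)
"""

# 106023 = packet denied by an ACL; the destination address and port may be absent.
DENY_RE = re.compile(
    r'%(?:PIX|ASA)-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]*)(?:/(?P<dst_port>\d+))? '
    r'.*?by access-group "(?P<acl>[^"]+)"'
)

def parse_denies(text):
    """Return one dict per 106023 deny line; other syslog messages are skipped."""
    return [m.groupdict() for m in map(DENY_RE.search, text.splitlines()) if m]

def summarize(denies):
    """Count denies per (ACL name, src interface, dst interface, protocol, dst port)."""
    return Counter(
        (d["acl"], d["src_if"], d["dst_if"], d["proto"], d["dst_port"]) for d in denies
    )

def blocked_outbound_smtp(denies, inside_if="DMZ"):
    """Source addresses on inside_if whose TCP/25 connections an ACL is dropping."""
    return sorted({d["src_ip"] for d in denies
                   if d["src_if"] == inside_if and d["proto"] == "tcp"
                   and d["dst_port"] == "25"})

if __name__ == "__main__":
    for key, count in summarize(parse_denies(SAMPLE_LOG)).most_common():
        print(count, key)
```

A non-empty result from blocked_outbound_smtp corresponds to the situation in the thread: the ACL applied to the DMZ interface has no permit for SMTP leaving the mail server.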
