Pix 506e and Exchange

Unanswered Question
Nov 7th, 2007

We have an exchange server on our internal network. The MX record is pointed to a 2nd IP address on our T-1. I am trying to set up a translation rule to forward the mail to our internal exchange server.

Anyone know of a document that explains how to do this?

I guess what I'm trying to figure out first is how do I "grab" that other IP so when a packet goes to it NAT knows to forward it inside to exchange.

Jon Marshall Wed, 11/07/2007 - 23:49


Is the 2nd ip address in the same subnet as the outside interface of your pix? If so

static (inside,outside) "2nd ip address" "internal mail server ip address"

If the 2nd ip address is not in same subnet you need to make sure that any traffic sent to that ip address gets routed to the outside interface of the pix and then you can use the above static statement.



triadvlad Thu, 11/08/2007 - 04:24

It is. We have a range of 5 IPs. One is our main interface, 1 for mail, 1 for web sites, 1 TBD.

So if I do this, I assume I'll need to put rules in place to allow SMTP, HTTP or whatever to the 2nd IP address.

Jon Marshall Thu, 11/08/2007 - 04:33

Yes you do need rules. So assuming the public IP address is your line for mail access would be

access-list inbound permit tcp any host eq 25


triadvlad Thu, 11/08/2007 - 07:08

Okay. I tried this but as yet it's not working. I ran these commands command line and when I run it again it says there is already an existing rule so I know it's saving. But when I go into the PDM I don't see this ACL anywhere. Shouldn't that be in Access Rules?

Jon Marshall Thu, 11/08/2007 - 07:11

In my experience PDM and the CLI do not always work well together.

Can you post the config so we can have a look at what might be the problem


triadvlad Thu, 11/08/2007 - 10:35

I haven't had a chance to actually try if these changes have worked yet. A rule is a rule isn't it? If I close the PDM and come back in and I put access rules in using CLI shouldn't they show up? Just curious. I'll upload my config later on.
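
An added example, not part of the thread or any poster's code: a small Python check over a saved PIX config that reports which published addresses are actually reachable, and flags an access list that was entered but never bound to the outside interface. Assumptions: the addresses are constructed documentation values, only the line forms shown in the sample are parsed, and `access-group ... in interface outside` (a PIX command the thread does not mention) is what binds the ACL.

```python
import re

# Constructed sample config (documentation addresses, not taken from the thread).
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255 0 0
access-list inbound permit tcp any host 203.0.113.10 eq 25
access-list inbound permit tcp any host 203.0.113.11 eq www
access-list unused permit tcp any host 203.0.113.10 eq 3389
access-group inbound in interface outside
"""

STATIC = re.compile(r"^static \(inside,outside\) (\S+) (\S+)")
PERMIT = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface outside")

def audit(config):
    """Return (exposed, findings); exposed maps public IP -> set of permitted ports."""
    statics, permits, bound = {}, [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            statics[m.group(1)] = m.group(2)   # public IP -> internal IP
        elif m := PERMIT.match(line):
            permits.append(m.groups())          # (acl name, public IP, port)
        elif m := GROUP.match(line):
            bound.add(m.group(1))               # ACLs applied inbound on outside
    exposed = {ip: set() for ip in statics}
    findings = []
    for acl, ip, port in permits:
        if acl not in bound:
            findings.append(f"ACL {acl} is not applied to outside; "
                            f"its permit for {ip}:{port} does not filter inbound traffic")
        elif ip not in statics:
            findings.append(f"ACL {acl} permits {ip}:{port} but no static translates {ip}")
        else:
            exposed[ip].add(port)
    for ip, ports in exposed.items():
        if not ports:
            findings.append(f"static for {ip} has no effective inbound permit")
    return exposed, findings

if __name__ == "__main__":
    exposed, findings = audit(SAMPLE)
    for ip, ports in exposed.items():
        print(ip, "->", sorted(ports))
    for f in findings:
        print("FINDING:", f)
```
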

