No incoming SMTP PIX 515 7.2(2)

Dec 20th, 2007

Hello...I just dropped a PIX 515e (which has 7.2(2) running on it). They have an MS Exchange server on the inside, static NAT to a public IP...the box is able to send email outbound no problem, but not able to receive INBOUND SMTP...syslog shows "FIN timeouts" on teardowns. Any help on this would be greatly appreciated!

Collin Clark Thu, 12/20/2007 - 06:27


Have you created a NAT translation for inbound access?

static (inside,outside) tcp [outside ip] 25 [inside ip] 25 netmask

Have you also created an access-list to allow SMTP inbound?

pizzov Thu, 12/20/2007 - 06:58

Yes, it's a static one-to-one translation, and also access rules allowing SMTP outbound (which is working) and also ACLs allowing SMTP, HTTPS, HTTP, etc., from outside to this host...from the remote office, I am able to "telnet" with port 25 to this server (and see the syslog message: "built inbound TCP connection 35685 for outside:x.x.x.x/8387 to inside:HS_EXCHANGE/25(x.x.x.x)").

So I know the port is open to this box....I didn't make any changes to the IP addresses (from their old software firewall)....I'm just not seeing any "inbound" connections being built, besides the one I tried w/Telnet....maybe the upstream SPAM filter?

pizzov Thu, 12/20/2007 - 09:57

Ok, problem solved. I was using the name of the server "HS_EXCHANGE" in the ACL for the outside interface. I changed the name to the actual translated public IP address of the server, within the ACL, and now it works. I never had to do this on the old version of PIX code...something new maybe.
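
An added example, not part of the thread or any poster's own code: a small Python check for the mistake resolved in the last post, where an ACL bound inbound to the outside interface names the server's inside address (here via a `name` alias) instead of the translated public address from the `static`. The sample config, its addresses and the ACL name `outside_in` are constructed assumptions, and destination parsing is simplified to the last `host <addr>` on the line.

```python
# Added example: audit a PIX 7.x config for the mistake described in this thread.
# SAMPLE is constructed; names and addresses (RFC 1918 / RFC 5737) are not from the thread.
SAMPLE = """\
name 192.168.1.10 HS_EXCHANGE
static (inside,outside) 203.0.113.25 HS_EXCHANGE netmask 255.255.255.255
access-list outside_in extended permit tcp any host HS_EXCHANGE eq smtp
access-list outside_in extended permit tcp any host 203.0.113.25 eq https
access-group outside_in in interface outside
"""


def audit(config, outside="outside"):
    """Return (acl_line, mapped_ip) for each permit entry in an ACL bound inbound
    to `outside` whose destination host is a static's real (inside) address."""
    names, statics, bound, entries = {}, [], set(), []
    for raw in config.splitlines():
        t = raw.split()
        if len(t) >= 3 and t[0] == "name":                      # name <ip> <alias>
            names[t[2]] = t[1]
        elif len(t) >= 4 and t[0] == "static" and t[1].endswith(f",{outside})"):
            # static (real_if,mapped_if) [tcp|udp] <mapped> [port] <real> [port] ...
            ported = t[2] in ("tcp", "udp") and len(t) >= 7
            statics.append((t[3], t[5]) if ported else (t[2], t[3]))
        elif len(t) >= 5 and t[0] == "access-group" and t[2] == "in" and t[4] == outside:
            bound.add(t[1])
        elif len(t) >= 4 and t[0] == "access-list" and "permit" in t:
            # Simplification: treat the last "host <addr>" as the destination.
            hosts = [i for i, w in enumerate(t[:-1]) if w == "host"]
            if hosts:
                entries.append((t[1], t[hosts[-1] + 1], raw.strip()))

    def ip(addr):                                               # resolve `name` aliases
        return names.get(addr, addr)

    real_to_mapped = {ip(real): ip(mapped) for mapped, real in statics}
    mapped_ips = set(real_to_mapped.values())
    findings = []
    for acl, dest, line in entries:
        d = ip(dest)
        if acl in bound and d in real_to_mapped and d not in mapped_ips:
            findings.append((line, real_to_mapped[d]))
    return findings


if __name__ == "__main__":
    for line, mapped in audit(SAMPLE):
        print(f"{line}\n  -> destination is an inside address; use host {mapped}")
```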

