PIX Not Allowing SMTP from Outside Interface

Unanswered Question
Feb 3rd, 2008

Hello, all. Here's the scenario: PIX 501 provides firewall/VPN services to office with the web/mail server on the inside. Mail and web work fine on the local LAN, and web and POP/IMAP work fine on the outside, but SMTP does not. It appears that all outbound mail traffic coming through the outside interface is blocked, so outside of the office folks can receive mail just fine, but can't send.

My current config is attached.

Many thanks, in advance, for any suggestions you may have.

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
fahad.sheikh Sun, 02/03/2008 - 12:14

On the outside interface of your firewall apply a access-list to permit traffic the public ip of the mail server on the SMTP port. This should resolve your problem.

auroratech@mac.com Sun, 02/03/2008 - 12:29

I believe I've already got that. From my posted config:

access-list outside-in permit tcp any host eq smtp

auroratech@mac.com Sun, 02/03/2008 - 12:41

Yes, it is the public IP address of the mail server, which is also the IP address of the outside interface of the PIX.

Actions

This Discussion