Adding second mail server behind 515E

Unanswered Question
Feb 12th, 2008

I have a PIX 515E running 6.3(3) that has one mail server currently running behind it with the following ACL:

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq pop3

AND the following static:

static (inside,outside) xxx.xxx.xxx.xx1 10.1.100.197 netmask 255.255.255.255 0 0

I want to add another physical mail server (serving a separate domain) that routes to a separate public IP.

I have attempted to just add:

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq pop3

and a static of:

static (inside,outside) xxx.xxx.xxx.xx2 10.1.100.198 netmask 255.255.255.255 0 0

I cannot get traffic through in either direction on the new mail server. I can, however, access the internet from the new mail server box.

Where am I going wrong?

abinjola Tue, 02/12/2008 - 14:01

sh xlate det | inc 10.1.100.198, are you getting xlated to xxx.xxx.xxx.xx2? Confirm this.

Disabled the fixup smtp, is your mail domain resolving to xxx.xxx.xxx.xx2? (do a nslookup for mail..com)

If the issue is only for mail traffic, I suspect the ISP needs to point the MX records to your FW.
