Adding second mail server behind 515E

Unanswered Question
Feb 12th, 2008
I have a PIX 515E running 6.3(3) that has one mail server currently running behind it with the following ACL:


access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq pop3


and the following static:


static (inside,outside) xxx.xxx.xxx.xx1 10.1.100.197 netmask 255.255.255.255 0 0


I want to add another physical mail server (serving a separate domain) that routes to a separate public IP.


I have attempted to just add:



access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq pop3


and a static of:



static (inside,outside) xxx.xxx.xxx.xx2 10.1.100.198 netmask 255.255.255.255 0 0


I cannot get traffic through in either direction on the new mail server. I can, however, access the internet from the new mail server box.


Where am I going wrong?

abinjola (Cisco Employee), Tue, 02/12/2008 - 14:01

sh xlate det | inc 10.1.100.198 - are you getting xlated to xxx.xxx.xxx.xx2? Confirm this.


Disabled the fixup smtp, is your mail domain resolving to xxx.xxx.xxx.xx2? (Do an nslookup for mail..com)


If the issue is only for mail traffic, I suspect the ISP needs to point the MX records to your FW.
