Adding second mail server behind 515E

awildeatrpscorp
Level 1

I have a PIX 515E running 6.3(3) that has one mail server currently running behind it with the following ACL:

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq pop3

and the following static:

static (inside,outside) xxx.xxx.xxx.xx1 10.1.100.197 netmask 255.255.255.255 0 0

I want to add another physical mail server (serving a separate domain) that routes to a separate public IP.

I have attempted to just add:

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq pop3

and a static of:

static (inside,outside) xxx.xxx.xxx.xx2 10.1.100.198 netmask 255.255.255.255 0 0

I cannot get traffic through in either direction on the new mail server. I can, however, access the internet from the new mail server box.

Where am I going wrong?

1 Reply

abinjola
Cisco Employee

sh xlate det | inc 10.1.100.198: are you getting xlated to xxx.xxx.xxx.xx2? Confirm this.

Disabled the fixup smtp. Is your mail domain resolving to xxx.xxx.xxx.xx2? (Do an nslookup for mail..com.)

If the issue is only for mail traffic, I suspect the ISP needs to point the MX records to your FW.
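
The first check in the reply above (is 10.1.100.198 really being translated to the new public address?), written out as an added example that is not part of the original thread. It cross-checks the static and access-list lines from the question against "sh xlate det" output. Assumptions: the documentation addresses 192.0.2.1 and 192.0.2.2 stand in for the masked xx1 and xx2, the xlate output is constructed, and its "NAT/PAT from inside:... to outside:... flags ..." line layout is assumed.

```python
import re

# Constructed sample: the thread's config with its masked public addresses
# replaced by documentation addresses (192.0.2.1 = xx1, 192.0.2.2 = xx2).
CONFIG = """\
access-list 100 permit tcp any host 192.0.2.1 eq smtp
access-list 100 permit tcp any host 192.0.2.1 eq pop3
access-list 100 permit tcp any host 192.0.2.2 eq smtp
access-list 100 permit tcp any host 192.0.2.2 eq pop3
static (inside,outside) 192.0.2.1 10.1.100.197 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.2 10.1.100.198 netmask 255.255.255.255 0 0
"""

# Constructed "sh xlate det" output; the line layout is an assumption.
XLATE = """\
NAT from inside:10.1.100.197 to outside:192.0.2.1 flags s
PAT from inside:10.1.100.198/1025 to outside:192.0.2.77/1024 flags ri
"""

ACL_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)$", re.M)
STATIC_RE = re.compile(r"^static \(inside,outside\) (\S+) (\S+) netmask 255\.255\.255\.255", re.M)
XLATE_RE = re.compile(
    r"^(?:NAT|PAT) from inside:([\d.]+)(?:/\d+)? to outside:([\d.]+)(?:/\d+)? flags (\S+)$", re.M)

def audit(config, xlate_output):
    """Return {inside_ip: [findings]} for every static mapping in config."""
    permits = {}
    for _acl, host, port in ACL_RE.findall(config):
        permits.setdefault(host, set()).add(port)
    active = {}
    for inside, outside, flags in XLATE_RE.findall(xlate_output):
        active.setdefault(inside, []).append((outside, flags))
    report = {}
    for public, inside in STATIC_RE.findall(config):
        findings = []
        missing = {"smtp", "pop3"} - permits.get(public, set())
        if missing:
            findings.append(f"no ACL permit to {public} for: {', '.join(sorted(missing))}")
        seen = active.get(inside, [])
        if not seen:
            findings.append("no xlate entry for this host")
        elif all(out != public for out, _ in seen):
            findings.append(f"translated to {seen[0][0]} instead of {public}")
        report[inside] = findings
    return report

if __name__ == "__main__":
    for host, findings in audit(CONFIG, XLATE).items():
        print(host, "OK" if not findings else "; ".join(findings))
```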
