
Adding second mail server behind 515E

awildeatrpscorp
Level 1

I have a PIX 515E running 6.3(3) that has one mail server currently running behind it with the following ACL:

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq pop3

AND the following static:

static (inside,outside) xxx.xxx.xxx.xx1 10.1.100.197 netmask 255.255.255.255 0 0

I want to add another physical mail server (serving a separate domain) that routes to a separate public IP.

I have attempted to just add:

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq pop3

and a static of:

static (inside,outside) xxx.xxx.xxx.xx2 10.1.100.198 netmask 255.255.255.255 0 0

I cannot get traffic through in either direction on the new mail server. I can, however, access the internet from the new mail server box.

Where am I going wrong?

1 Reply

abinjola
Cisco Employee

sh xlate det | inc 10.1.100.198 - are you getting xlated to xxx.xxx.xxx.xx2? Confirm this.

Disabled the fixup smtp, is your mail domain resolving to xxx.xxx.xxx.xx2? (do an nslookup for mail..com)

If the issue is only for mail traffic, I suspect the ISP needs to point the MX records to your FW.
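
Before working through the translation and DNS checks in the reply, it helps to rule out a mismatch between the static and access-list lines. The script below is an added example, not part of the original thread or any Cisco tool: it parses PIX 6.3-style lines like the ones quoted in the question and reports host statics that lack an inbound permit, plus permits that point at an address with no static. The sample config is constructed, with 192.0.2.x standing in for the masked public addresses, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample in the syntax quoted in the question (not the poster's config).
SAMPLE_CONFIG = """\
access-list 100 permit tcp any host 192.0.2.1 eq smtp
access-list 100 permit tcp any host 192.0.2.1 eq pop3
access-list 100 permit tcp any host 192.0.2.2 eq smtp
access-list 100 permit tcp any host 192.0.2.9 eq smtp
static (inside,outside) 192.0.2.1 10.1.100.197 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.2 10.1.100.198 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.3 10.1.100.199 netmask 255.255.255.255 0 0
"""

# Host statics only (netmask 255.255.255.255), as used in the thread.
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
# Inbound permits of the form "permit tcp any host <ip> eq <service>".
ACL_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")

def audit(config, required=("smtp", "pop3")):
    """Return (public_ip, inside_ip, finding) tuples for static/ACL mismatches."""
    statics = {}   # public IP -> inside IP
    permits = {}   # public IP -> set of permitted services
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_RE.match(line)
        if m:
            statics[m.group(3)] = m.group(4)
            continue
        m = ACL_RE.match(line)
        if m:
            permits.setdefault(m.group(2), set()).add(m.group(3))
    findings = []
    # A static without the expected permits: traffic is translated but dropped.
    for pub, inside in statics.items():
        missing = [s for s in required if s not in permits.get(pub, set())]
        if missing:
            findings.append((pub, inside, "missing permit: " + ",".join(missing)))
    # A permit without a static: a stale or mistyped rule worth cleaning up.
    for pub in permits:
        if pub not in statics:
            findings.append((pub, None, "permit without static"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An empty result means the static and access-list lines agree, which leaves the translation table and DNS checks from the reply above.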
