Hi, I am new to Cisco devices in general. I decided to pick up an ASA 5505. Well, I have been pretty stumped for weeks by it's setup. The configuration should be easy. I intend to place it as a firewall between our inside network and our outside network. The outside interface IP will be 64.200.x.x, whereas the inside IPs will be 10.1.1.0. I got it working to the point that I can browse the Internet from behind it fine, but I cannot seem to get mail messages into my mail server at IP 10.1.1.15 (actually a security appliance that forwards to the server). I would like to NAT all my inside connections to appear as the outside interface on the internet, and would like incoming mail redirected to 10.1.1.15. I also have heard about a command, "no inspect protocol smtp 25", but cannot seem to get this command to work properly. Here is what I have tried with results:
Result of the command: "no fixup protocol smtp 25"
WARNING: 'no fixup ...' command not processed because no global policy-map is enabled
It says I don't have a global policy map. Have I messed something up there?
I am going to post my config as a reply. Also, I plan to later set up some VPNs and some of the settings are still in the config. Tell me if that's a problem. Please tell me some of the things I am doing wrong here. Maybe I should wipe it and start fresh using what I know now?
The address is reversed in the static and your ACL needs to permit smtp traffic to the global address of the mail server. Can you make the following changes to the config, do a 'clear xlate' and test.
no access-list outside_access_in extended permit tcp any host 10.1.1.15 eq smtp
access-list outside_access_in extended permit tcp any host 64.200.x.x eq smtp
static (inside,outside) tcp 10.1.1.15 smtp 64.200.x.x smtp netmask 255.255.255.255
static (inside,outside) tcp 64.200.x.x smtp 10.1.1.15 smtp netmask 255.255.255.255
If the 64.200.x.x address you are using for the mail server is the outside interface address of the ASA substitute the IP address with the command 'interface outside' in both ACL and static configuration.