I've read several related posts, but I can't quite figure out what I am doing wrong. This is my first time configuring a PIX.
PIX 501 version 6.3(1)
I'm trying to allow inbound SMTP traffic to an internal mail server. We have only a single IP address, which is bound to the outside interface of the PIX. Obviously, I want inside users to still be able to NAT out.
The commands I *think* I need are these:
access-list outside permit tcp any interface outside eq smtp
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp (external_IP) smtp (internal_IP) smtp netmask 255.255.255.255 0 0
access-group outside in interface outside
With this configuration I cannot connect (from outside) to port 25 on the internal server.
What am I missing?
Thanks in advance!