New Member

Adding second mail server behind 515E

I have a PIX 515E running 6.3(3) that has one mail server currently running behind it with the following ACL:

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx1 eq pop3

AND the following static:

static (inside,outside) xxx.xxx.xxx.xx1 10.1.100.197 netmask 255.255.255.255 0 0

I want to add another physical mail server (serving a separate domain) that routes to a separate public IP.

I have attempted to just add:

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.xx2 eq pop3

and a static of:

static (inside,outside) xxx.xxx.xxx.xx2 10.1.100.198 netmask 255.255.255.255 0 0

I cannot get traffic through in either direction on the new mail server. I can, however, access the internet from the new mail server box.

Where am I going wrong?

1 REPLY
Cisco Employee

Re: Adding second mail server behind 515E

sh xlate det | inc 10.1.100.198: are you getting xlated to xxx.xxx.xxx.xx2? Confirm this.

Disabled the fixup smtp, is your mail domain resolving to xxx.xxx.xxx.xx2? (Do a nslookup for mail..com)

If the issue is only for mail traffic I suspect the ISP needs to point the MX records to your FW

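As an added example (not part of the thread or of any Cisco tooling), the following cross-checks a pasted PIX configuration so that every one-to-one `static (inside,outside)` has matching `access-list` permits for the mail ports, and no permit points at a public address that has no translation. The `203.0.113.x` addresses and the deliberately mismatched sample lines are constructed stand-ins for the redacted public IPs; the check covers only the two line formats shown in the question.

```python
import re

# Constructed sample: documentation addresses replace the redacted public IPs,
# and two lines are deliberately inconsistent to show what gets reported.
SAMPLE_CONFIG = """\
access-list 100 permit tcp any host 203.0.113.1 eq smtp
access-list 100 permit tcp any host 203.0.113.1 eq pop3
access-list 100 permit tcp any host 203.0.113.2 eq smtp
access-list 100 permit tcp any host 203.0.113.3 eq pop3
static (inside,outside) 203.0.113.1 10.1.100.197 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.2 10.1.100.198 netmask 255.255.255.255 0 0
"""

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\S+)")
STATIC_RE = re.compile(
    r"^static\s+\(inside,outside\)\s+(\S+)\s+(\S+)\s+netmask\s+255\.255\.255\.255")

def audit(config, required=("smtp", "pop3")):
    """Return findings where statics and ACL permits do not line up."""
    permits = {}   # public IP -> set of permitted destination ports
    statics = {}   # public IP -> inside IP
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            permits.setdefault(m.group(2), set()).add(m.group(3))
        elif m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)
    findings = []
    # A translated host with a missing permit is unreachable on that port.
    for public, inside in sorted(statics.items()):
        missing = [p for p in required if p not in permits.get(public, set())]
        if missing:
            findings.append(f"{public} -> {inside}: no permit for {', '.join(missing)}")
    # A permit with no translation is dead config or a typo in the address.
    for public in sorted(set(permits) - set(statics)):
        findings.append(f"{public}: permitted in ACL but no static translation")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An empty result means the ACL and static lines agree with each other, which points the investigation toward the translation table and DNS checks raised in the reply.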