11-11-2010 05:03 PM - edited 03-11-2019 12:08 PM
Hi,
We have a PIX 515 with inside, outside and dmz zones which is doing NAT on our mail server from inside to outside.
The problem is that users on the DMZ cannot seem to access the mail server by the outside/public IP.
The relevant access lists are
access-list outside-acl extended permit tcp any host external-mailserver eq smtp
access-list dmz-acl extended permit tcp any host external-mailserver eq smtp
and a static NAT for our mail server
static (inside,outside) external-mailserver internal-mailserver netmask 255.255.255.255
I would think it's something obvious but who knows. I thought perhaps the return traffic that goes back out the 'outside' interface is not permitted to reach the dmz but I thought the access list would keep state, no?
Thanks for any help.
11-11-2010 05:06 PM
Hi,
To allow DMZ users to access the internal server with its public IP you need:
static (outside,DMZ) external-mailserver internal-mailserver
Hope it helps.
Federico.
11-11-2010 05:24 PM
Sorry the command above is incorrect.
The correct command is:
static (inside,DMZ) external-mailserver internal-mailserver
Federico.
11-11-2010 05:48 PM
Thanks. Your second answer was correct, but when I marked it correct it seems to show first to me.