New Member

No incoming SMTP PIX 515 7.2(2)

Hello...I just dropped a PIX 515e (which has 7.2(2) running on it). They have an MS Exchange server on the inside, Static NAT to a public IP...the box is able to send email outbound no problem, but not able to receive INBOUND smtp..syslog shows "FIN timeouts" on teardowns. Any help on this would be greatly appreciated!

3 REPLIES

Re: No incoming SMTP PIX 515 7.2(2)

Vince-

Have you created a NAT translation for inbound access?

static (inside,outside) tcp [outside ip] 25 [inside ip] 25 netmask 255.255.255.255

Have you also created an access-list to allow SMTP inbound?

New Member

Re: No incoming SMTP PIX 515 7.2(2)

Yes, it's a static one-to-one translation, and also access rules allowing SMTP outbound (which is working) and also ACLs allowing SMTP, HTTPS, HTTP, etc, from outside to this host...from the remote office, I am able to "telnet" with port 25 to this server (and see the syslog message: "built inbound TCP connection 35685 for outside:x.x.x.x/8387 to inside:HS_EXCHANGE/25(x.x.x.x)")

So I know the port is open to this box....I didn't make any changes to the IP addresses (from their old software firewall)....I'm just not seeing any "inbound" connections being built, besides the one I tried w/Telnet....maybe the upstream SPAM filter?

New Member

Re: No incoming SMTP PIX 515 7.2(2)

Ok, problem solved. I was using the name of the server "HS_EXCHANGE" in the ACL for the outside interface. I changed the name to the actual translated Public IP address of the server, within the ACL, and now it works. I never had to do this on the old version of PIX code...something new maybe.
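Added example, not part of the thread or of Cisco's tooling: a small check for the condition behind the fix above. On PIX/ASA software before 8.3, an ACL applied inbound on the outside interface is matched against the mapped (public) address, so a permit whose destination resolves to the real inside address of a static never matches. It assumes `HS_EXCHANGE` is a `name` for the inside address; the addresses and the ACL name `outside_in` are constructed placeholders.

```python
# Constructed PIX 7.x fragment; names, addresses and ACL name are placeholders.
SAMPLE_CONFIG = """\
name 192.168.1.10 HS_EXCHANGE
static (inside,outside) 192.0.2.10 HS_EXCHANGE netmask 255.255.255.255
access-list outside_in extended permit tcp any host HS_EXCHANGE eq smtp
access-list outside_in extended permit tcp any host 192.0.2.10 eq https
access-group outside_in in interface outside
"""

def _addr(tok, i):
    """Parse one ACL address at tok[i]; return (host address or None, next index)."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return None, i + 2  # "<network> <mask>" form, not a single host

def audit_outside_acl(config, outside_if="outside"):
    """Flag permits in the ACL bound inbound on outside_if whose destination is a
    static's real (inside) address instead of its mapped (public) address."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    names = {t[2]: t[1] for t in lines if t[0] == "name" and len(t) >= 3}
    resolve = lambda a: names.get(a, a)
    real_to_mapped, permits, bound = {}, [], set()
    for t in lines:
        if t[0] == "static" and t[1].endswith("," + outside_if + ")"):
            # static PAT: "tcp mapped port real port"; static NAT: "mapped real"
            mapped, real = (t[3], t[5]) if t[2] in ("tcp", "udp") else (t[2], t[3])
            real_to_mapped[resolve(real)] = resolve(mapped)
        elif t[0] == "access-list" and "permit" in t and "remark" not in t[:3]:
            i = t.index("permit") + 2   # skip the protocol keyword
            _, i = _addr(t, i)          # source (assumes no source-port operator)
            dst, _ = _addr(t, i)
            if dst:
                permits.append((t[1], " ".join(t), resolve(dst)))
        elif t[0] == "access-group" and t[2:] == ["in", "interface", outside_if]:
            bound.add(t[1])
    return [(line, dst, real_to_mapped[dst])
            for acl, line, dst in permits
            if acl in bound and dst in real_to_mapped]

if __name__ == "__main__":
    for line, real, mapped in audit_outside_acl(SAMPLE_CONFIG):
        print(f"{line}\n  matches real address {real}; use mapped address {mapped}")
```
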
