Hello...I just dropped a PIX 515e (which has 7.2(2) running on it). They have an MS Exchange server on the inside, Static NAT to a public IP...the box is able to send email outbound no problem, but not able to receive INBOUND smtp..syslog shows "FIN timeouts" on teardowns. Any help on this would be greatly appreciated!
Yes, it's a static one-to-one translation, and also access rules allowing SMTP outbound (which is working) and also ACLs allowing SMTP, HTTPS, HTTP, etc, from outside to this host...from the remote office, I am able to "telnet" with port 25 to this server (and see the syslog message: "built inbound TCP connection 35685 for outside:x.x.x.x/8387 to inside:HS_EXCHANGE/25(x.x.x.x)")
So I know the port is open to this box....I didn't make any changes to the IP addresses (from their old software firewall)....I'm just not seeing any "inbound" connections being built, besides the one I tried w/Telnet....maybe the upstream SPAM filter?
Ok, problem solved. I was using the name of the server "HS_EXCHANGE" in the ACL for the outside interface. I changed the name to the actual translated Public IP address of the server, within the ACL, and now it works. I never had to do this on the old version of PIX code...something new maybe.
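A config check for the mismatch described in the last post, added here as an example and not part of the original thread: it flags inbound ACL entries whose destination resolves to the real inside address of a one-to-one static instead of its translated address. The function name, the ACL name `outside_in`, and the addresses 192.168.1.10 and 203.0.113.10 are constructed for illustration.

```python
import re

# Constructed PIX 7.2-style fragment; the addresses and the ACL name are made up.
SAMPLE_CONFIG = """\
name 192.168.1.10 HS_EXCHANGE
static (inside,outside) 203.0.113.10 HS_EXCHANGE netmask 255.255.255.255
access-list outside_in extended permit tcp any host HS_EXCHANGE eq smtp
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"static \((\S+),(\S+)\) (\S+) (\S+)")

def find_real_ip_acl_entries(config):
    """Return (acl_line, mapped_ip) for inbound ACL entries that name the
    real inside address of a one-to-one static instead of its mapped address."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # "name <ip> <alias>" lines let the rest of the config use aliases.
    names = {t[2]: t[1] for t in (ln.split() for ln in lines)
             if t[0] == "name" and len(t) >= 3}

    def resolve(token):
        return names.get(token, token)

    statics, acls, bound = [], {}, {}
    for ln in lines:
        t = ln.split()
        m = STATIC_RE.match(ln)
        if m and m.group(3) not in ("tcp", "udp"):   # skip port redirections
            # static (real_if,mapped_if) mapped_ip real_ip
            statics.append((m.group(2), resolve(m.group(3)), resolve(m.group(4))))
        elif t[0] == "access-list":
            acls.setdefault(t[1], []).append(ln)
        elif t[0] == "access-group" and len(t) == 5 and t[2] == "in":
            bound[t[1]] = t[4]                        # ACL name -> interface

    findings = []
    for acl, iface in bound.items():
        for ln in acls.get(acl, []):
            hosts = re.findall(r"\bhost (\S+)", ln)
            if not hosts:
                continue
            dst = resolve(hosts[-1])  # simplification: last "host" operand is the destination
            for mapped_if, mapped_ip, real_ip in statics:
                if mapped_if == iface and dst == real_ip and dst != mapped_ip:
                    findings.append((ln, mapped_ip))
    return findings

if __name__ == "__main__":
    for line, mapped in find_real_ip_acl_entries(SAMPLE_CONFIG):
        print(f"{line}\n  -> use mapped address {mapped}")
```

On the sample, only the SMTP entry that names `HS_EXCHANGE` is reported; the HTTPS entry already uses the translated address.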