Cisco Support Community
New Member

PIX 515E

My goal is: we want port 25 from specific outside addresses (208.75.194.0/21) to be allowed to: my1.cbc.com (notes) and mys.cbc.com (notes1)

This is my partial config

name 10.101.91.14 Notes1

name 10.101.91.13 notes

name 208.75.194.0 Mx_logic

object-group network Mx_Logic_Notes

description MxLogic networks to Notes

network-object 208.75.194.0 255.255.248.0

access-list outside_acl permit tcp object-group Mx_Logic_Notes host 69.191.66.229 eq smtp

access-list outside_acl permit tcp object-group Mx_Logic_Notes host 69.191.66.230 eq smtp

static (inside,outside) 69.191.66.230 10.101.91.14 netmask 255.255.255.255 0 0

static (inside,outside) 67.109.66.231 10.101.91.13 netmask 255.255.255.255 0 0

access-group outside_acl in interface outside

When I issued Pix1# sh access-list, both access-lists have (hitcnt=0).

What am I doing wrong?

Do I need to specify port eq 25 on the source also?

help

4 REPLIES
New Member

Re: PIX 515E

I think you might want to look at the public IPs. They don't all match between your statics and your ACL.

New Member

Re: PIX 515E

It was just a typo.

static (inside,outside) 69.109.66.230 10.101.91.14 netmask 255.255.255.255 0 0

static (inside,outside) 67.109.66.231 10.101.91.13 netmask 255.255.255.255 0 0

New Member

Re: PIX 515E

Hi,

Your config seems to be fine. Check the typo errors once again. Make sure of the routing, and make sure the outside public IP is not a proxy IP at their end.

New Member

Re: PIX 515E

hi,

I am not sure, but please check whether communication between 208.75.194.x and 10.101.91.x only needs port 25. How about 1352?

regards

dongdong
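The cross-check suggested in the first reply, as an added example that is not part of the original thread: a Python check that compares the destination hosts in the outside ACL with the mapped addresses of the static commands. It goes one step beyond the replies by also testing whether each network-object address sits on its mask boundary. The function name `audit` and the regular expressions are assumptions; the config text is copied from the question.

```python
import ipaddress
import re

# Config lines as posted in the question, joined into one string.
POSTED_CONFIG = """\
name 10.101.91.14 Notes1
name 10.101.91.13 notes
object-group network Mx_Logic_Notes
 network-object 208.75.194.0 255.255.248.0
access-list outside_acl permit tcp object-group Mx_Logic_Notes host 69.191.66.229 eq smtp
access-list outside_acl permit tcp object-group Mx_Logic_Notes host 69.191.66.230 eq smtp
static (inside,outside) 69.191.66.230 10.101.91.14 netmask 255.255.255.255 0 0
static (inside,outside) 67.109.66.231 10.101.91.13 netmask 255.255.255.255 0 0
access-group outside_acl in interface outside
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(rf"^access-list \S+ permit \S+ .*\bhost {IP} eq \S+", re.M)
STATIC_RE = re.compile(rf"^static \(\w+,\w+\) {IP} {IP}", re.M)
NETOBJ_RE = re.compile(rf"^\s*network-object {IP} {IP}", re.M)


def audit(config):
    """Return a list of human-readable findings for a PIX config fragment.

    Assumption: as on PIX software of this era, the ACL applied inbound on
    the outside interface must name the mapped (public) address of a static.
    """
    findings = []
    acl_hosts = {m.group(1) for m in ACL_RE.finditer(config)}
    statics = {m.group(1): m.group(2) for m in STATIC_RE.finditer(config)}

    # ACL destinations that no static translates to an inside host.
    for host in sorted(acl_hosts - statics.keys()):
        findings.append(f"ACL permits {host} but no static maps it")
    # Published inside hosts that the ACL never permits.
    for mapped in sorted(statics.keys() - acl_hosts):
        findings.append(f"static {mapped} -> {statics[mapped]} has no ACL entry")
    # Source networks whose address is not the network address for the mask.
    for m in NETOBJ_RE.finditer(config):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        if str(net.network_address) != m.group(1):
            findings.append(f"network-object {m.group(1)} {m.group(2)} covers {net}")
    return findings


if __name__ == "__main__":
    for line in audit(POSTED_CONFIG):
        print(line)
```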
