I would greatly appreciate an hint or a clue which helps me to fix this issue I have.
Data which may better help you to understand the environment, if you can assist.
Cisco PIX Firewall Version 6.3(3) Cisco PIX Device Manager Version 3.0(1) -------> works well if directly connected to the ADSL Router and to Internet. Everything works. Good configuration available in the attachement.
IPCop 1.4.2 ------> works well if directly connected to the ADSL Router and to Internet. I can HTTP from Internet to an a Web Server directly connected to its internat Interface. I.e. 172.16.0.8.
Cisco PIX FW alllows all services from the internal network to reach Internet, via the IPCop Green (Internal interface);
Traffic like Facebook, Skype, etc. is allowed from/to Internet to my protected zone and vice-versa;
Cisco internal network is 194.20.23.X is privately assigned to an other company and used by chance but without problems for years;
Cisco external network I/F is 172.16.0.2. It connects to the internal IPCop interface 172.16.0.1 (Green);
IPCop external network I/F is 184.108.40.206, which connects to my ADSL Router GW 220.127.116.11.
What exactly doesn't work:
My SMTP, DNS and MAIL server public address is 18.104.22.168. If you ping to this address it responds. However, if you try to telnet to port 25, it doesn't respond. So, I am almost sure there is a rule which prevents the port forwarding to my server 22.214.171.124, which Cisco NAT translates to 126.96.36.199.
A working configuration when Cisco is directly connected to Internet;
A non working configuration when Cisco is not directly connected to Internet. (File Cisco_Config_3001.txt)
route inside linux 255.255.255.255 188.8.131.52 1
route outside 0.0.0.0 0.0.0.0 172.16.0.1 1
Since we have a static nat translation for linux with mailgate on PIX, i believe IP Cop is not doing the translation for mailgate IP but since 82.70.219.x subnet is directly connected to IP Cop it will never forward the traffic for 184.108.40.206 to PIX as directly connected network takes precedence over static routes.
Here is an option to get this working with this setup:
Translation on IP Cop:
220.127.116.11-->172.16.0.10(any free IP of this range)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :