10-24-2007 02:26 PM - edited 03-05-2019 07:18 PM
I have an Exchange server sitting in my DMZ, IP addy 10.x.x.x. In my PIX I made a static(DMZ,outside) 10.x.x.x 208.x.x.x, to NAT the 10.x.x.x addy to a public IP of 208.x.x.x. Also in the PIX I added acl outside permit tcp any 208.x.x.x eq smtp. In my outside router I added a permit tcp any 208.x.x.x eq smtp entry. Will this work? Any help would be great.
10-24-2007 03:04 PM
The configuration is correct for the most part, except the static, where the addresses are reversed. The mapped address should be the first one, followed by the real address of the server. The syntax should be:
static(DMZ,outside) 208.x.x.x 10.x.x.x
HTH
Sundar
10-24-2007 05:22 PM
Thanks Sundar,
So making the change you suggested, why would I not be getting mail across? Are there any other entries I could make?
10-24-2007 06:36 PM
Can you make sense of this? I think SMTP is allowed in but not out. What entries would I make?
Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3743 dst outside:216.39.53.2/25 by access-group "DMZ"
Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3744 dst outside:209.191.118.103/25 by access-group "DMZ"
10-24-2007 07:23 PM
Add this entry to the DMZ access list to allow traffic out from the server.
access-list DMZ permit tcp host
HTH
Sundar
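As an added example (not part of the thread and not Cisco tooling), this Python script groups %PIX-4-106023 deny lines like the ones posted above by access list, source host and destination port, then renders one host- and port-scoped permit per group for an administrator to review. The sample addresses and function names are constructed, and the generated permit form is an assumption about the intended rule, not the truncated command in the reply above.

```python
import re
from collections import Counter

# PIX syslog 106023 (ACL deny) for tcp/udp; ICMP lines use a different layout
# and are intentionally not matched.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>tcp|udp) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample input (addresses are placeholders, not from the thread).
SAMPLE_LOG = [
    'Oct 24 20:50:13 172.16.0.1 %PIX-4-106023: Deny tcp src DMZ:10.0.0.5/3743 dst outside:192.0.2.10/25 by access-group "DMZ"',
    'Oct 24 20:50:13 172.16.0.1 %PIX-4-106023: Deny tcp src DMZ:10.0.0.5/3744 dst outside:198.51.100.20/25 by access-group "DMZ"',
    'Oct 24 20:50:14 172.16.0.1 %PIX-4-106023: Deny udp src DMZ:10.0.0.9/1027 dst outside:192.0.2.53/53 by access-group "DMZ"',
    'Oct 24 20:50:15 172.16.0.1 unrelated line that must be ignored',
]

def summarize(lines):
    """Count denies per (acl, src_if, src_ip, proto, dst_port).

    The ephemeral source port and the per-connection destination address
    are dropped so repeated attempts by one service collapse into one row.
    """
    counts = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            counts[(m['acl'], m['src_if'], m['src_ip'],
                    m['proto'], int(m['dst_port']))] += 1
    return counts

def candidate_permits(counts):
    """Render one host- and port-scoped permit per row, for human review."""
    return [f"access-list {acl} permit {proto} host {src} any eq {port}"
            for (acl, _src_if, src, proto, port) in sorted(counts)]

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for key, n in sorted(summary.items()):
        print(n, key)
    for rule in candidate_permits(summary):
        print(rule)
```

Each candidate line names a single source host and destination port, so a group that does not correspond to an expected service (here, the constructed DNS row) can be left denied instead of permitted.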
10-25-2007 06:41 AM
Thanks a lot Sundar!