
Routing email from the internet to exchange server in DMZ

alvarezromeo
Level 1

I have an Exchange server sitting in my DMZ, IP addy 10.x.x.x. In my PIX I made a static(DMZ,outside) 10.x.x.x 208.x.x.x, to NAT the 10.x.x.x addy to a public IP of 208.x.x.x; also in the PIX I added acl outside permit tcp any 208.x.x.x eq smtp. In my outside router I added a permit tcp any 208.x.x.x eq smtp entry. Will this work? Any help would be great.


The configuration is correct for the most part, except the static, where the addresses are reversed. The mapped address should be the first one, followed by the real address of the server. The syntax should be:

static(DMZ,outside) 208.x.x.x 10.x.x.x

HTH

Sundar

Thanks Sundar,

So making the change you suggested, why would I not be getting mail across? Are there any other entries I could make?

Can you make sense of this? I think SMTP is allowed in but not out; what entries would I make?

Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3743 dst outside:216.39.53.2/25 by access-group "DMZ"

Oct 24 20:50:13 172.x.x.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3744 dst outside:209.191.118.103/25 by access-group "DMZ"

Add this entry to the DMZ access list to allow traffic out from the server.

access-list DMZ permit tcp host 10.x.x.x any eq smtp

HTH

Sundar

Thanks a lot Sundar!
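
The deny messages quoted in this thread name the source interface, the destination port and the access-group that dropped the packet, which is what points at the missing outbound SMTP entry in the DMZ access list. The following is an added example, not part of the original thread: a small Python parser for %PIX-4-106023 TCP/UDP deny lines that groups them by ACL and picks out refused outbound SMTP. The sample log is constructed (documentation addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog, modelled on the two deny lines quoted in the thread.
# Addresses are RFC 5737 documentation ranges or masked; none are real hosts.
SAMPLE_LOG = """\
Oct 24 20:50:13 192.0.2.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3743 dst outside:198.51.100.2/25 by access-group "DMZ"
Oct 24 20:50:13 192.0.2.1 %PIX-4-106023: Deny tcp src DMZ:10.x.x.x/3744 dst outside:198.51.100.103/25 by access-group "DMZ"
Oct 24 20:51:02 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/40112 dst DMZ:10.x.x.x/3389 by access-group "outside"
Oct 24 20:51:40 192.0.2.1 %PIX-6-302013: Built inbound TCP connection (unrelated message)
"""

# Matches the TCP/UDP form of message 106023 (interface:address/port on both sides).
# ICMP denies use a different layout and are deliberately not matched here.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>tcp|udp) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def parse_denies(text):
    """Return one dict per 106023 TCP/UDP deny line; other messages are skipped."""
    denies = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            d = m.groupdict()
            d["src_port"], d["dst_port"] = int(d["src_port"]), int(d["dst_port"])
            denies.append(d)
    return denies

def summarize(denies):
    """Count denies per (ACL, source interface, source host, protocol, destination port)."""
    return Counter((d["acl"], d["src_if"], d["src_ip"], d["proto"], d["dst_port"]) for d in denies)

def blocked_outbound_smtp(denies, server_if="DMZ"):
    """Denies where a host behind server_if was refused a TCP/25 connection it initiated."""
    return [d for d in denies
            if d["src_if"] == server_if and d["proto"] == "tcp" and d["dst_port"] == 25]

if __name__ == "__main__":
    parsed = parse_denies(SAMPLE_LOG)
    for (acl, src_if, src_ip, proto, port), n in summarize(parsed).most_common():
        print(f'{n} x {proto}/{port} from {src_if}:{src_ip} denied by access-group "{acl}"')
    for d in blocked_outbound_smtp(parsed):
        print(f'outbound SMTP blocked: {d["src_ip"]} -> {d["dst_ip"]} (ACL "{d["acl"]}")')
```
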
