10-14-2003 08:06 AM - edited 02-21-2020 12:49 PM
Hi,
We have a typical scenario, 2610 router connected to internet, the ethernet of 2610 directly connected to pix 515 through cross cable. on one dmz of pix 515 we have a concentrator, on the external interface of concentrator there is one SMTP gateway, the problem is this smtp gateway has to send mails and receive mails from internet, due to some client requirement it has to be behind the Concentrator, as this SMTP gateway is also used to send mails through VPN's to couple of clients.
Can you please suggest me how to do configuration for this kind of scenario.
Thanks in advance
Regards
Salim
10-14-2003 03:58 PM
lets say your outside IPs are 1.1.1.1 and 1.1.1.2, DMZ is called DMZ1:
ip address ethernet0 1.1.1.1 255.255.255.0
ip address ethernet2 192.168.1.1 255.255.255.0
static (dmz1, outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255
access-list 101 permit icmp any any
access-list 101 permit tcp any host 1.1.1.2 eq SMTP
access-group 101 in interface outside
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz1) 1 0.0.0.0 0.0.0.0 0 0
-Shawn
10-15-2003 02:20 AM
Hi,
Thanks a lot for giving me the configuration. i have done accordingly, but the problem which i am facing now is that i am able to ping to vpn concentrator from my smtp server on the external interface of concentrator, i am also able to ping to the dmz interface of the firewall. but i am not able to ping or browse or send mails to internet as well as not able to ping ethernet interface of the router. do i need to add some thing else to do this.
let me remind again that the dmz interface of firewall is connected to outside interface of concentrator and smtp server is connected to external interface of vpn concentrator, is it because of this that the packets are getting dropped. i am not sure how a concentrator will behave in this scenario.
Thanks and Regards
Salim
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: