Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mail Server Inside - HELP

I have a mail server inside my network. We are using PIX 506E. And I have configure follow below links, but still wont work. So links said that we have to open the smpt port only.

Are there any others ports should be open?.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

Thank in advance

3 REPLIES
Silver

Re: Mail Server Inside - HELP

What specifically does not work? Are you not receiving email from other internet hosts?

Post your config, but take out the password lines, and change any legitimate ip addresses

New Member

Re: Mail Server Inside - HELP

At it's simplest, assuming all else is working with the pix, you just need to static map the outside address to the inside address, and permit access to the smtp port of the outside address through the access-list configured inbound on your outside interface.

If something else was previously statically mapped to the outside address through the pix you will need to do a 'clear xlate'. If a device has been using the outside address beyond the pix (e.g. the mailserver used to sit outside the pix on the outside address) you may need to clear the arp cache on your WAN router (or if you have no access to it, reload the router if practical).

You may want to confirm your smtp port is open on the server by attempting to telnet to port 25 on its inside address.

Feel free to post your pix config - dont forget to hide your passwords and alter your outside ip addresses.

Regards

Kev

New Member

Re: Mail Server Inside - HELP

I have the internet connection directly to a switch. I've try to clear xlate. But nothing change. Still cannot go to the web and mail server.

====================================================

access-list acl_in permit tcp any host 202.169.39.142 eq smtp

access-list acl_in permit tcp any host 202.169.39.142 eq pop3

access-list acl_in permit tcp any host 202.169.39.142 eq 8888

access-list acl_in permit tcp any host 202.169.39.142 eq domain

access-list acl_in permit udp any host 202.169.39.142 eq domain

access-list acl_in permit tcp any host 202.169.39.135 eq www

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq www

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq pop3

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq https

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq domain

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq 161

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq 162

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq telnet

access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq cmd

access-list acl_out permit udp 192.168.10.0 255.255.255.0 any eq domain

access-group acl_in in interface outside

access-group acl_out in interface inside

====================================================

The internet connection was fine. Thank you

Best Regards,

HATO

208
Views
0
Helpful
3
Replies
CreatePlease login to create content