Hi, the situation is like this. Router gives public IP address to PIX interface outside. PAT is configured on inside interface. Mail server is a host belonging to the inside interface. I need to give access to mail services from the internet without loosing Internet connection for all the other clients of the internal network. The PIX config is this:
I am a little confused here, you say that your pix is being issued public IP address by the router for its outside interface but looking at your configuration, it looks to me that you have static IP address assigned? Your configuration also shows that you are NATing individual internal IPs to your global IP (IP address of your pix outside interface), as all the IPs on your internal network are on the same subnet i.e. 192.168.0.0 /24 why dont you just NAT all internal IPs to your global IP, to do this
nat (inside) 1 192.168.0.1 255.255.255.255 0 0
nat (inside) 1 192.168.0.10 255.255.255.255 0 0
nat (inside) 1 192.168.0.11 255.255.255.255 0 0
nat (inside) 1 192.168.0.12 255.255.255.255 0 0
nat (inside) 1 192.168.0.13 255.255.255.255 0 0
nat (inside) 1 192.168.0.15 255.255.255.255 0 0
nat (inside) 1 192.168.0.17 255.255.255.255 0 0
nat (inside) 1 192.168.0.18 255.255.255.255 0 0
nat (inside) 1 192.168.0.22 255.255.255.255 0 0
nat (inside) 1 192.168.0.23 255.255.255.255 0 0
nat (inside) 1 192.168.0.240 255.255.255.255 0 0
nat (inside) 1 192.168.0.241 255.255.255.255 0 0
And replace with:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
The above will NAT all your internal IPs to your global IP address. Now you also ask for SMTP access to your internal mail server, to do this:
The reason I have used the key word interface on the static is that I am assuming that you only have one public IP address and this IP is being used for SMTP plus your outside interface of your pix, if you have more than one public IP then use a spare public IP for your SMTP access. One thing to remember is make sure that your MX record points to the public IP address for SMTP.
Let me know if this helps or if I have read your question correctly.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...