Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need assistance setting up a mail server on a pix 501.

User Access Verification

Password:

Type help or '?' for a list of available commands.

pixfirewall# show config

: Saved

:

PIX Version 6.1(4)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list inside_access_in permit ip 10.0.0.0 255.255.255.0 any

access-list smtp permit tcp any host xx.xx.xx.xx eq smtp

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside xx.xx.xx.xx 255.255.255.248

ip address inside 10.0.0.1 255.255.255.0

ip verify reverse-path interface outside

ip audit info action alarm

ip audit attack action alarm

pdm location 0.0.0.0 255.255.255.255 outside

pdm location 0.0.0.0 255.255.255.0 outside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp interface smtp 10.0.0.2 www netmask 255.255.255.255

0 0

access-group inside_access_in in interface inside

route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

url-cache dst 1KB

http server enable

http 10.0.0.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet 10.0.0.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:3ae6d538123b8ad8ec4fc5bbd0df3ab0

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Need assistance setting up a mail server on a pix 501.

> access-list smtp in interface outside

Silver

Re: Need assistance setting up a mail server on a pix 501.

What he meant to say was:

access-group smtp in interface outside

This applies you access-list to the outside interface to allow all hosts to make connections to SMTP on TCP port 25.

4 REPLIES
Cisco Employee

Re: Need assistance setting up a mail server on a pix 501.

> access-list smtp in interface outside

New Member

Re: Need assistance setting up a mail server on a pix 501.

I don't understand.

Cisco Employee

Re: Need assistance setting up a mail server on a pix 501.

Whoops, sorry about that. Thanks Shannon, for providing the correction.

Yes, what I meant to say was:

> access-group smtp in interface outside

Not enough coffee yesterday (or maybe too much).

Silver

Re: Need assistance setting up a mail server on a pix 501.

What he meant to say was:

access-group smtp in interface outside

This applies you access-list to the outside interface to allow all hosts to make connections to SMTP on TCP port 25.

92
Views
0
Helpful
4
Replies
CreatePlease login to create content