Internal -- ISA FW -- PIX515E-R -- ROUTER -- INTERNET. I wrote a static mapping between the internal mail server and the public IP and allowed it through the access list (only SMTP). Now I am able to send emails and all, but not able to receive emails. Once the PIX forwards email traffic to the ISA server, ISA will publish the traffic to the internal email server. Without the PIX it is working fine, but it is not working once I connect the PIX.
Information was useful. After no fixup I am not able to fix it. Any more suggestions? BTW, I found some traffic in the Show Conn output stating "xxx.xxx.xxx.xxx:25 yyy.yyy.yyy.yyy 1143 UIOB". Does it mean that the firewall is forwarding the traffic? (yyy.yyy.yyy.yyy is static mapped with the xxx.xxx.xxx.xxx public IP)
I strongly feel that the issue is with your NAT/PAT thing. As far as I understand, you have tried to NAT all your SMTP traffic to a host (via your ISA Server) 172.16.25.0 255.255.255.0.
Now PIX is NOT able to make a static translation for this Host unless it owns the Subnet itself.
You have not mentioned the subnet 172.16.25.0 255.255.255.0 on the PIX, hence it won't be able to make a translation table for the same.
I shall suggest that you change the entry static (inside,outside) xxx.xxx.xxx.xxx 172.16.xxx.xxx netmask 255.255.255.255 0 0 (email) to an IP address which the PIX owns itself, i.e. 10.100.4.0/24, and it will work.
Of course, prior to that you MUST make sure that ISA is able to relay any SMTP connections arriving on it to the actual mail server.
I totally agree with you. Actually, I have now changed the whole setup: removed ISA and connected directly. So the current setup is Internet router -- Firewall -- internal core switch. As you know, the firewall address (external) is xxx.xxx.xxx.xxx, and for the internal one I gave 172.16.xxx.4 (which is again in the same VLAN as the mail server). I gave the static command and allowed through static. This setup is just to make sure it works. But I still failed to do so. I am able to access the Internet (HTTP traffic, no issues), but I can't receive or send mails.
If you have any suggestions, please specify. Is it possible for you to just give me a command list to configure this kind of setup?
Hi, looking at your config, you have several mistakes. As I understand it, your incoming email should be routed from the ASA to the ISA and then to your internal mail server, correct? Then your static needs to point to the external interface of the ISA box, i.e. let's say that the external interface of the ISA is 10.100.4.5, then your static needs to be