We have an MS Small Business Server as a Domain Controller running DNS, Active Directory and Exchange, and a W2K Server running applications. Both have static IPs, 192.168.0.3 and 192.168.0.2 respectively. VPN is working fine also!
The PIX is dishing out IPs to the client machines.
We have internet connectivity throughout but cannot seem to get any incoming mail through the PIX. We can see that the PIX is dropping all incoming mail.
I have attached the firewall configuration in the hope someone may identify some problem with the rules we have set.
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxx encrypted
passwd xxxxxx encrypted
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
name 192.168.0.3 mailgateway
name 192.168.0.2 SERVER
access-list inside_outbound_nat0_acl permit ip any 192.168.0.0 255.255.255.128
access-list outside_access_in permit udp any eq nameserver any
I was just able to send firstname.lastname@example.org a test message by telnet. x.x.x.18 is open for SMTP, and his MX records are correct. Was 'no fixup' the fix? I know with E5.5, having it enabled meant repeated reception of the same message from certain SMTP servers, but I don't think it ever stopped us from getting any mail.
I hope that 'no fixup' worked for SMTP port 25. I thought that if security is a concern for you, you should try placing 'icmp deny any outside'; this way anyone trying to compromise your PIX will be denied, i.e. go to http://www.grc.com and try 'Shields Up' (which is secure and free) and see if any ports are open for abuse from the outside world. This is just a thought.
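The checks discussed in this thread can be run against a saved PIX 6.x configuration. The script below is an added example, not code from any poster: the function name `audit_inbound_smtp` is hypothetical, and the sample config is constructed from lines in the posted configuration plus an assumed `access-group` line, since the posted listing is cut off.

```python
import re

# Constructed sample in PIX 6.x syntax. The access-group line is an assumption;
# the configuration posted in the thread ends before that point.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol smtp 25
name 192.168.0.3 mailgateway
access-list outside_access_in permit udp any eq nameserver any
access-group outside_access_in in interface outside
"""

def audit_inbound_smtp(config, hosts=("mailgateway", "192.168.0.3")):
    """Return reasons why inbound SMTP may not reach the mail server."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []

    # 1. Which ACL, if any, filters traffic arriving on the outside interface?
    bound = [m.group(1) for l in lines
             if (m := re.match(r"access-group (\S+) in interface outside$", l))]
    if not bound:
        findings.append("no access-group bound inbound on the outside interface")

    # 2. That ACL needs a TCP permit whose destination port is smtp/25.
    #    A trailing 'eq smtp' is the destination port; 'any eq smtp any'
    #    would be a source port and is deliberately not matched.
    permits = any(
        re.match(rf"access-list {re.escape(acl)} permit tcp .* eq (smtp|25)$", l)
        for acl in bound for l in lines)
    if bound and not permits:
        findings.append("outside ACL has no 'permit tcp ... eq smtp' entry")

    # 3. The inside mail server needs a static translation to a public address.
    host_re = "|".join(re.escape(h) for h in hosts)
    if not any(re.match(rf"static \(inside,outside\) .*({host_re})\b", l)
               for l in lines):
        findings.append("no static (inside,outside) translation for the mail server")

    # 4. The SMTP fixup filters ESMTP commands, the setting the replies discuss.
    if "fixup protocol smtp 25" in lines:
        findings.append("fixup protocol smtp 25 is enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_inbound_smtp(SAMPLE_CONFIG):
        print("FINDING:", finding)
```
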