
PIX 515e with one Public IP and using PAT

prashanth15
Level 1

Dear all,

The PIX 515E is configured with one public IP on the outside interface, and PAT is configured so inside users can access the internet.

Our mail server and web server are registered with the ISP.

Currently the mail and web services are running on the same server.

I can send mail to outside domains but cannot receive mail.

I cannot telnet to port 25 on the PIX outside interface.

The configuration of the PIX is as attached.

The matter is urgent, please reply.

Regards,

Prashanth

1 Reply 1

gfullage
Cisco Employee

Your outside_access_in access-list is incorrect. Currently you have:

access-list outside_access_in permit tcp any eq smtp interface outside eq smtp log

access-list outside_access_in permit tcp any eq www interface outside eq www

This says that incoming packets have to have both the source and destination ports equal to 25 (or 80) for the packets to get through. This will never happen: when you connect/telnet to port 25, your machine will use a random source port and a destination port of 25. Change both ACLs to the following and it should work:

no access-list outside_access_in

access-list outside_access_in permit tcp any interface outside eq smtp log

access-list outside_access_in permit tcp any interface outside eq www

All I've done is remove the bolded bits (above) from your ACL.
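The mistake described in the reply above can be caught before a config is applied. The following is an added example, not part of the original thread: a small Python lint that parses PIX-style TCP/UDP access-list entries and reports permits that pin both the source and the destination port. The function names and the two sample configs (copied from the lines quoted in the reply) are this example's own, and it assumes the simple `any` / `host` / `interface` / address-and-mask forms.

```python
# Added example: lint PIX-style ACL entries for a source-port match.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def _addr(tok, i):
    # "any" is one token; host/interface/address+mask forms are two.
    n = 1 if tok[i] == "any" else 2
    return " ".join(tok[i:i + n]), i + n

def _port(tok, i):
    # Optional port clause that may follow an address.
    if i < len(tok) and tok[i] in PORT_OPS:
        n = PORT_OPS[tok[i]] + 1
        return " ".join(tok[i:i + n]), i + n
    return None, i

def parse_ace(line):
    """Split one TCP/UDP access-list entry into fields, or return None."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        return None
    if tok[2] not in ("permit", "deny") or tok[3] not in ("tcp", "udp"):
        return None
    try:
        src, i = _addr(tok, 4)
        sport, i = _port(tok, i)
        dst, i = _addr(tok, i)
        dport, i = _port(tok, i)
    except IndexError:  # truncated entry
        return None
    return {"acl": tok[1], "action": tok[2], "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def source_port_findings(config):
    """Return (line_no, sport, dport) for permits that pin both ports."""
    out = []
    for n, line in enumerate(config.splitlines(), 1):
        ace = parse_ace(line)
        if ace and ace["action"] == "permit" and ace["sport"] and ace["dport"]:
            out.append((n, ace["sport"], ace["dport"]))
    return out

# Sample input: the entries quoted in the reply, before and after the fix.
BROKEN = "\n".join((
    "access-list outside_access_in permit tcp any eq smtp interface outside eq smtp log",
    "access-list outside_access_in permit tcp any eq www interface outside eq www"))
FIXED = "\n".join((
    "access-list outside_access_in permit tcp any interface outside eq smtp log",
    "access-list outside_access_in permit tcp any interface outside eq www"))

if __name__ == "__main__":
    for n, sp, dp in source_port_findings(BROKEN):
        print(f"line {n}: source port '{sp}' required with destination '{dp}'")
```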
