New Member

PIX 515e with one Public IP and using PAT

Dear all,

The PIX 515e is configured with one public IP on the outside interface, and PAT is configured so inside users can access the internet.

Our mail server and web server are registered with the ISP.

Currently the mail and web are running on the same server.

I can send mail to an outside domain but cannot receive mail.

I cannot telnet to port 25 on the PIX outside interface.

The configuration of the PIX is as attached.

Matter urgent, please reply.

Regards,

Prashanth

1 REPLY
Cisco Employee

Re: PIX 515e with one Public IP and using PAT

Your outside_access_in access-list is incorrect. Currently you have:

access-list outside_access_in permit tcp any eq smtp interface outside eq smtp log

access-list outside_access_in permit tcp any eq www interface outside eq www

This says that incoming packets have to have both the source and destination ports equal to 25 (or 80) for the packets to get through. This will never happen: when you connect/telnet to port 25, your machine will use a random source port and a destination port of 25. Change both ACLs to the following and it should work:

no access-list outside_access_in

access-list outside_access_in permit tcp any interface outside eq smtp log

access-list outside_access_in permit tcp any interface outside eq www

All I've done is remove the bolded bits (above) from your ACL.
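
The port-matching behaviour described in the reply above, as an added example that is not part of the original thread or any Cisco tool: a small Python check that parses the four access-list lines quoted on this page, tests them against a client connection, and flags entries that pin the source port. The function names and the client source port 49152 are assumptions made for illustration; only the `eq` port qualifiers are modelled, not address matching or translation.

```python
# Port names used in the ACL lines on this page.
PORT_NAMES = {"smtp": 25, "www": 80}

def _take_addr(tok):
    """Consume one address spec: 'any', or a two-token form such as
    'interface outside', 'host 192.0.2.1' or 'IP MASK'."""
    if tok[0] == "any":
        return "any", tok[1:]
    return " ".join(tok[:2]), tok[2:]

def _take_port(tok):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if len(tok) >= 2 and tok[0] == "eq":
        p = tok[1]
        return (PORT_NAMES[p] if p in PORT_NAMES else int(p)), tok[2:]
    return None, tok

def parse_ace(line):
    """Parse 'access-list NAME ACTION tcp|udp SRC [eq P] DST [eq P] [log]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] not in ("tcp", "udp"):
        raise ValueError("unsupported line: " + line)
    ace = {"name": tok[1], "action": tok[2], "proto": tok[3]}
    rest = tok[4:]
    ace["src"], rest = _take_addr(rest)
    ace["sport"], rest = _take_port(rest)   # qualifier right after the source
    ace["dst"], rest = _take_addr(rest)
    ace["dport"], rest = _take_port(rest)   # qualifier right after the destination
    return ace

def port_match(ace, sport, dport):
    """True if the entry's port qualifiers accept this source/destination pair."""
    return ace["sport"] in (None, sport) and ace["dport"] in (None, dport)

def lint(lines):
    """Return entries that require a fixed source port, which a client
    using a random source port will not satisfy."""
    return [l for l in lines if parse_ace(l)["sport"] is not None]

# The ACL lines as quoted in the reply (original and corrected).
BROKEN = ["access-list outside_access_in permit tcp any eq smtp interface outside eq smtp log",
          "access-list outside_access_in permit tcp any eq www interface outside eq www"]
FIXED = ["access-list outside_access_in permit tcp any interface outside eq smtp log",
         "access-list outside_access_in permit tcp any interface outside eq www"]

if __name__ == "__main__":
    for line in BROKEN + FIXED:
        # Constructed client connection: random source port 49152, destination 25.
        print(port_match(parse_ace(line), 49152, 25), line)
    print("flagged:", lint(BROKEN + FIXED))
```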
