Re: SMTP and PAT

agoodwin · ‎07-29-2002

Hi all,

I have a customer with a netgear analogue router, a single legal ip and sbs4.5

Is it possible to collect smtp email through PAT if there is a pix involved?

It will be Server - PIX - Router. However will there be a problem with:

a) Timeouts (dialups taking a lot longer)

b) The server doing nat for the clients through Proxy, then the pix doing pat for the link to the Router then the router doing nat to the single legal ip.

c) If I have an acl to allow smtp in will it work with nat and global? Or should I have a static between two internal ip address's?

Hope that makes sense, cheers for any help!

Andy

gfullage · ‎07-29-2002

If the router is doing PAT, then you have to set up a port address translation using port 25, and direct it to the PIX outside interface address. Then on the PIX, set up antoerh port address translation for port 25 and direct it to the internal SMTP server. On the PIX it will look like this (assuming the SMTP server's actual address is 10.1.1.1):

static (inside,outside) tcp interface 25 10.1.1.1 25 netmask 255.255.255.255

access-list 100 permit tcp any host 10.1.1.1 eq 25

access-group 100 in interface outside

or if you're using conduits, replace the last two lines above with:

conduit permit tcp host 10.1.1.1 eq 25 any

Timeouts, etc should be fine. I just set this up for a customer and it worked fine, just make sure both the router and the PIX are redirecting TCP port 25 internally to the right spot (the router to the PIX, then the PIX to the server).

agoodwin · ‎08-02-2002

I will give this a try and get back - thanks very much for your time.

cheers

Andy

agoodwin · ‎08-14-2002

It works. (never doubted for a sec..!)

cheers

ANdy