To configure MS-Exchange connectivity through a PIX Firewall, perform the following steps:
Create the static translation for the MS-Exchange server's inside address so that the server can be reached at its publicly routable address from the outside. Traffic received by the PIX on the outside address of the MS-Exchange server is translated by the PIX and passed to the inside network.
Create an Access Control List (ACL) on the PIX to allow all devices (or a specific machine) on the outside to access the MS-Exchange server. The MS-Exchange server uses ports 135, 137, 138, and 139.
Apply the ACL to the outside interface in the inbound direction.
The following is an example configuration:
static (inside,outside) 22.214.171.124 10.1.1.1
!--- This creates the static entry.
!--- Map the inside address of 10.1.1.1 to the public address of 22.214.171.124.

access-list 101 permit tcp any host 22.214.171.124 eq 139
access-list 101 permit tcp any host 22.214.171.124 eq 135
!--- Access-list 101 permits TCP traffic from any device to host 22.214.171.124,
!--- the outside address of the Exchange server, on ports 139 and 135.

access-list 101 permit udp any host 22.214.171.124 eq 137
access-list 101 permit udp any host 22.214.171.124 eq 138
!--- Access-list 101 permits UDP traffic from any device to host 22.214.171.124,
!--- the outside address of the Exchange server, on ports 137 and 138.

access-group 101 in interface outside
!--- Apply the access-list to the outside interface.
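A consistency check for the three steps above, as an added example that is not part of the original page or of any Cisco tool: it confirms that every permitted destination has a static translation, that the ACL is bound with access-group, and it lists entries still open to any source rather than "a specific machine". The function name, the regular expressions and the sample input (constructed from the page's example, using the static command's public address throughout) are assumptions.

```python
import re

# Constructed sample: the example configuration, one command per line.
SAMPLE_CONFIG = """\
static (inside,outside) 22.214.171.124 10.1.1.1
access-list 101 permit tcp any host 22.214.171.124 eq 139
access-list 101 permit tcp any host 22.214.171.124 eq 135
access-list 101 permit udp any host 22.214.171.124 eq 137
access-list 101 permit udp any host 22.214.171.124 eq 138
access-group 101 in interface outside
"""

# Only the command forms used on this page are recognised (assumption).
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
ACE_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) (any|host \S+) host (\S+) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config):
    """Return a list of findings for a PIX configuration fragment."""
    statics, aces, groups = {}, [], {}
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):   # skip blanks and comments
            continue
        if m := STATIC_RE.match(line):
            statics[m.group(3)] = m.group(4)   # public address -> inside address
        elif m := ACE_RE.match(line):
            aces.append(m.groups())
        elif m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(2)    # ACL name -> interface

    findings = []

    def note(msg):
        if msg not in findings:                # report each problem once
            findings.append(msg)

    for acl, proto, src, dst, port in aces:
        if dst not in statics:
            note(f"acl {acl}: {dst} has no static translation")
        if acl not in groups:
            note(f"acl {acl}: not applied with access-group")
        if src == "any":
            note(f"acl {acl}: {proto}/{port} to {dst} open to any source")
    return findings
```

Run against the sample, it reports the four any-source entries and nothing else, which is the review list for deciding whether those ports should be limited to specific outside hosts.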