pix to exchange smtp problem :)

    kvouzoplis
    Member
    #126509

    hi guys, i'm back again…
    i was called in to install an exchange server in an already set-up environment.
    they have a zyxel dsl router, and a pix 506e firewall.

    i'm not having any luck with the routing of the mail, internal or external.

    all i need to do is allow the mail to be received and sent.

    i am submitting the config of the pix firewall.

    Password:
    Type help or ‘?’ for a list of available commands.
    pixfirewall> ena
    Password: *****
    pixfirewall# show run
    : Saved
    :
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    domain-name ciscopix.com
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.0.0.202 WebServer
    name xxx.xxx.44.224 Terminal_IN
    name 10.0.0.1 FTPServer
    name xxx.xxx.211.27 zyxel
    access-list outside_access_in remark ecentric admin
    access-list outside_access_in permit tcp any host xxx.xxx.99.200 eq 8082
    access-list outside_access_in remark eeg
    access-list outside_access_in permit tcp any host xxx.xxx.99.200 eq www
    access-list outside_access_in permit tcp Terminal_IN 255.255.255.224 host xxx.xxx.99.200 eq 3389
    access-list outside_access_in permit tcp host xxx.xxx.193.237 host xxx.xxx.99.200 eq 3389
    access-list outside_access_in permit tcp any host 193.92.99.195 eq ftp
    access-list outside_access_in deny ip any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside xxx.xxx.99.194 255.255.255.240
    ip address inside 10.0.0.240 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 10.0.0.0 255.255.255.0 inside
    pdm location WebServer 255.255.255.255 inside
    pdm location Terminal_IN 255.255.255.224 outside
    pdm location FTPServer 255.255.255.255 inside
    pdm location zyxel 255.255.255.255 outside
    pdm location xxx.xxx.193.237 255.255.255.255 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) xxx.xxx.99.200 WebServer netmask 255.255.255.255 0 0
    static (inside,outside) xxx.xxx.99.195 FTPServer netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.99.193 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 10.0.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 10.0.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    terminal width 80
    Cryptochecksum:832141a69093765ad53c3f0a8326e747
    : end

    the ip address of my mail server is 10.0.0.151

    i had submitted these commands, and it didn't work, plus, my users didn't have access to the internet.
    name 10.0.0.151 mailServer
    access-list outside_access_in permit tcp any host 193.92.99.194 eq smtp
    pdm location mailServer 255.255.255.255 inside
    static (inside,outside) 193.92.99.194 mailServer netmask 255.255.255.255 0 0

    i have no knowledge of pix…
    i am onsite, and looking for assistance…

    all i need to do, i repeat, is to allow for my mail to come in, and go out, and for my users to have access to the net all at once…at least that's my part….

    thanks
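
Added example, not part of the original post or the poster's configuration: a Python check for two PIX 6.3 conditions relevant to the commands quoted above, an access-list entry appended after `deny ip any any` (entries are evaluated top-down, so it is never reached) and a one-to-one `static` whose mapped address is the interface address that `global (outside) 1 interface` uses for PAT. The sample config is constructed with documentation addresses, and `lint_pix` and the finding codes are hypothetical names.

```python
import re

# Constructed sample modelled on the posted PIX 6.3 config (documentation addresses).
SAMPLE = """\
name 10.0.0.151 mailServer
access-list outside_access_in permit tcp any host 203.0.113.200 eq www
access-list outside_access_in deny ip any any
access-list outside_access_in permit tcp any host 203.0.113.194 eq smtp
ip address outside 203.0.113.194 255.255.255.240
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.194 mailServer netmask 255.255.255.255 0 0
"""

def lint_pix(config):
    """Return (code, line) findings for the two conditions described above."""
    findings = []
    iface_ip = {}        # nameif -> interface address
    pat_ifaces = set()   # interfaces whose own address is the PAT address
    closed_acls = set()  # ACLs that already contain "deny ip any any"
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Pass 1: learn interface addresses and which interfaces are used for PAT.
    for line in lines:
        if m := re.match(r"ip address (\S+) (\S+) \S+$", line):
            iface_ip[m.group(1)] = m.group(2)
        elif m := re.match(r"global \((\S+)\) \d+ interface$", line):
            pat_ifaces.add(m.group(1))
    # Pass 2: walk ACL entries in order and inspect one-to-one statics.
    for line in lines:
        if m := re.match(r"access-list (\S+) (permit|deny) (.+)$", line):
            acl, action, rest = m.groups()
            if acl in closed_acls:
                # Anything after a catch-all deny can never match.
                findings.append(("ACE_AFTER_DENY_ALL", line))
            elif action == "deny" and rest == "ip any any":
                closed_acls.add(acl)
        elif m := re.match(r"static \(\S+,(\S+)\) (\S+) (\S+) netmask", line):
            out_if, mapped, _real = m.groups()
            # A full static on the PAT address claims every port on it.
            if out_if in pat_ifaces and mapped == iface_ip.get(out_if):
                findings.append(("STATIC_ON_PAT_ADDRESS", line))
    return findings

if __name__ == "__main__":
    for code, line in lint_pix(SAMPLE):
        print(f"{code}: {line}")
```

Run it over saved `show run` output. The port-redirect form `static (inside,outside) tcp interface smtp mailServer smtp netmask 255.255.255.255 0 0` is not flagged, because it forwards only TCP/25 rather than claiming the whole interface address.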
