pix to exchange smtp problem :)



    hi guys, i'm back again…
    i was called in to install an exchange server at an already setup environment.
    they have a zyxel dsl router, and a pix 506e firewall.

    i'm not having any luck with the routing of the mail, internal or external.

    all i need to do is allow the mail to be received and sent.

    i am submitting the config of the pix firewall.

    Type help or ‘?’ for a list of available commands.
    pixfirewall> ena
    Password: *****
    pixfirewall# show run
    : Saved
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    domain-name ciscopix.com
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    name WebServer
    name xxx.xxx.44.224 Terminal_IN
    name FTPServer
    name xxx.xxx.211.27 zyxel
    access-list outside_access_in remark ecentric admin
    access-list outside_access_in permit tcp any host xxx.xxx.99.200 eq 8082
    access-list outside_access_in remark eeg
    access-list outside_access_in permit tcp any host xxx.xxx.99.200 eq www
    access-list outside_access_in permit tcp Terminal_IN host xxx.xxx.99.200 eq 3389
    access-list outside_access_in permit tcp host xxx.xxx.193.237 host xxx.xxx.99.200 eq 3389
    access-list outside_access_in permit tcp any host eq ftp
    access-list outside_access_in deny ip any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside xxx.xxx.99.194
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    pdm location inside
    pdm location WebServer inside
    pdm location Terminal_IN outside
    pdm location FTPServer inside
    pdm location zyxel outside
    pdm location xxx.xxx.193.237 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0 0
    static (inside,outside) xxx.xxx.99.200 WebServer netmask 0 0
    static (inside,outside) xxx.xxx.99.195 FTPServer netmask 0 0
    access-group outside_access_in in interface outside
    route outside xxx.xxx.99.193 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    terminal width 80
    : end

    the ip address of my mail server is

    i had submitted these commands, and it didn't work, plus, my users didn't have access to the internet.
    name mailServer
    access-list outside_access_in permit tcp any host eq smtp
    pdm location mailServer inside
    static (inside,outside) mailServer netmask 0 0

    i have no knowledge of pix…
    i am onsite, and looking for assistance…

    all i need to do, i repeat, is to allow for my mail to come in, and go out, and for my users to have access to the net all at once…at least that's my part….

