Hello,
My company has a PIX 515e firewall that we are trying to use for some simple routing.
I have a range of public addresses on the external interface (ex: xxx.xxx.xxx.34 - 38)
On the inside network I have 172.16 private addresses. We will assume that 172.16.0.10 is a web server, 172.16.0.100 is an outbound SMTP server and 172.16.0.200 is an inbound SMTP server. For various reasons these have to be separate private addresses. We can't have inbound and outbound SMTP on the same box.
The external PIX interface is the .34 address. I have a dynamic pool using PAT configured on this interface for miscellaneous internet traffic and DHCP clients that do not have static addresses. This works fine.
I currently have an Access Rule that maps the www traffic received on xxx.xxx.xxx.35 to 172.16.0.10. There is also a static translation rule mapping all outbound traffic back to the same public address. This also works fine.
Another access rule is mapping inbound SMTP traffic received on IP xxx.xxx.xxx.36 to the 172.16.0.200 address. The PDM console requires me to set up a static route that maps all outgoing traffic back to the xxx.xxx.xxx.36 address, but I would prefer to let outgoing traffic go back through the PAT pool on the interface just like the DHCP traffic does.
Here is the one that has me stumped. I would like the outgoing SMTP machine at 172.16.0.100 to send all SMTP traffic back out the xxx.xxx.xxx.36 interface while allowing all other outbound traffic to go out the PAT pool on the interface address.
In summary, I have been unable to figure out how to make the inbound and outbound SMTP machines share the same IP address for SMTP traffic but route all other outbound traffic through the PAT pool on the .34 address.
Is this even possible? The PDM interface screams with disgust any time I try to create translation rules that involve multiple ports or IP addresses. Is this a PDM limitation? Can it be done through the CLI? If so, how? Please help.
Mike Makowski
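The layout described in the post, written out as PIX 6.x-style CLI. This is an added illustration, not the poster's configuration and not a reply from the thread. It assumes a PIX running 6.2 or later (where policy NAT, a `nat` statement tied to an access-list, is available), uses the 203.0.113.0/24 documentation range as a constructed stand-in for the poster's xxx.xxx.xxx.34 - .36 block, and uses arbitrary access-list names; interface addressing is omitted. Lines beginning with `!` are explanatory comments for the reader, not commands to type.

```cisco
! Constructed example: 203.0.113.x stands in for the poster's xxx.xxx.xxx.x block.
! The outside interface itself is 203.0.113.34.

! Everything on the inside that matches neither a static nor a policy NAT rule
! leaves PAT'ed as the outside interface address (.34): DHCP clients, and the
! non-SMTP traffic of both SMTP hosts.
nat (inside) 1 172.16.0.0 255.255.0.0
global (outside) 1 interface

! Policy NAT: only TCP/25 originating from the outbound relay (172.16.0.100)
! is translated to .36. A nat statement bound to an access-list is evaluated
! before the plain "nat (inside) 1" line, so the relay's other traffic still
! uses the .34 interface pool. A single-address global is a PAT pool.
access-list SMTP_OUT permit tcp host 172.16.0.100 any eq smtp
nat (inside) 2 access-list SMTP_OUT
global (outside) 2 203.0.113.36

! Inbound SMTP: a port-level static (port forward) rather than a one-to-one
! static. A one-to-one static for 172.16.0.200 would win over nat/global and
! force all of that host's outbound traffic to .36, which is what PDM built.
! With a port-level static only TCP/25 is tied to .36; the host's remaining
! outbound traffic falls through to the .34 interface pool.
static (inside,outside) tcp 203.0.113.36 smtp 172.16.0.200 smtp netmask 255.255.255.255 0 0

! Web server: the one-to-one static the poster already has and is happy with.
static (inside,outside) 203.0.113.35 172.16.0.10 netmask 255.255.255.255 0 0

! Statics only create translations; the inbound access-list still has to permit
! exactly the two published services and nothing else.
access-list OUTSIDE_IN permit tcp any host 203.0.113.36 eq smtp
access-list OUTSIDE_IN permit tcp any host 203.0.113.35 eq www
access-group OUTSIDE_IN in interface outside
```

After applying this, `show xlate` should show a PAT entry on 203.0.113.36 only while 172.16.0.100 has an SMTP session open, and entries on 203.0.113.34 for everything else that host does; `show nat` lists the policy and plain `nat` statements in the order they are evaluated. The key point for the poster's problem is the precedence: a one-to-one `static` for an inside host overrides `nat`/`global` for all of that host's traffic, whereas a port-level `static` and a policy `nat` each claim only the matching port.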