For the last couple of months, off and on, I've been trying to tweak my PIX 501 for my SOHO needs and now that I'm re-motivated to get it working I hope someone can help me. Here is my problem(s).
I have a Cable Modem connection to the internet which ties into my PIX's ouside interface. The PIX has 4 inside eth ports and one outside eth port. I am NAT'ing to my inside interfaces of my network. This all works fine except for my exchange server. I've read that you "must" do a static NAT traslation for the exchange server so that mail knows how to get in and out of the firewall which makes sense. I can get this working one of two ways. Either all of my workstations get access to the internet and the exchange server doesn't transfer mail correctly- or I insert the static NAT translation into the PIX and my exchange server will pass mail correctly but my workstations lose access to the internet? I'd like to have the best of both worlds so I'm hoping someone can assist me with this before I throw the thing out the window and stick with the measly little Linksys that "does" allow all this to work....I just don't have a warm and fuzzy about Linksys as a firewall product?
Here is a bit of config info that may help you out.
Lets just say that my outside interface is: 220.127.116.11
My inside interface for my exchange server is: 192.168.1.150
Also, I use static addresses for all of my inside workstations rather than allowing the PIX to do DHCP --> I'm not sure if this would help as far as translations go? My ISP gives me one static address and one dynamic address to use.
Another problem with the static NAT translation to the exchange server I see is with IPSec VPN. Will I be able to IPSec VPN into the PIX if it's public address is translated to the exchange server?
Thanks in advance for any/all help!