• Status: Solved

Exchange 2000 configuration for Pix 506-e

This is my first PIX install and I need to install it with our Exchange 2000 server. I need to know what lines to add to the default config file.
This would be for e-mail and internet access.

The following info will be used.

Router address 10.20.30.41 and
Subnet 255.255.255.252.

Pix address 10.20.30.40
Subnet 255.255.255.252

Inside priv Ips 192.168.1.1 thru 192.168.1.100
Subnet 255.255.255.0

No Dhcp.
 
Could someone write out the lines with the following
information? I have tried myself and we do not
get e-mail, even with different combos of the above.
Any help would be great.
Thank you.
 
lrmoore Commented:
All you need to add is access for smtp

Assuming inside IP address of Exchange server: 192.168.1.101

Assuming you already have something like this:
ip address outside 10.20.30.40 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.1.0 255.255.255.0
!
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 192.168.1.101 netmask 255.255.255.255
!
# create access-list to permit smtp inbound
access-list inbound permit tcp any host 10.20.30.40 eq smtp

# apply the access-list
access-group inbound in interface outside

# turn off fixup smtp
no fixup protocol smtp 25

!
badabing! You're in business....
Assuming, of course that you have the requisite MX record in your external DNS server...

 
lrmoore Commented:
Are you still working on this? Can you update us with your status?

Thanks!
 
cannon12 (Author) Commented:

 Thank you very much for the information.  I am still working
on it.
When I try to enter this statement :
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 192.168.0.103 netmask 255.255.255.255
I get the following error   -  invalid local port netmask.

I have been trying to figure it out with no luck.
All other lines work fine.

 Thanks
 
lrmoore Commented:
My bad..
This:
static (inside,outside) tcp interface 25 192.168.0.103 netmask 255.255.255.255
 
should be this:
static (inside,outside) tcp interface 25 192.168.0.103 25 netmask 255.255.255.255
                                                       ^^

 
cannon12 (Author) Commented:

static (inside,outside) tcp interface 192.168.0.103 25 netmask 255.255.255.255

Tried that line and now I get the error message --

Invalid global port 192.168.0.103
 
lrmoore Commented:
You have to keep the port in BOTH places:

static (inside,outside) tcp interface 25 192.168.0.103 25 netmask 255.255.255.255
                                      ^^               ^^
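As an added illustration (not code from this thread or from Cisco), here is a small Python lint for the port-redirection `static` form corrected above. It flags a missing global or local port, the two mistakes behind the error messages quoted above, and checks that the access-list bound to the outside interface permits the published port. The function names, the port-name subset and the sample config are constructed for this example.

```python
import re

PORT_NAMES = {"smtp": 25, "www": 80, "https": 443, "pop3": 110}  # small subset, for the example

def port(tok):
    """Numeric or named port token -> int, or None if the token is not a port."""
    return int(tok) if tok.isdigit() else PORT_NAMES.get(tok)

def parse_static(line):
    """static (in,out) tcp|udp <global> <gport> <local> <lport> netmask <mask>"""
    t = line.split()
    if len(t) < 5 or t[0] != "static" or t[2] not in ("tcp", "udp"):
        return None  # not a port-redirection static
    if port(t[4]) is None:
        raise ValueError(f"global port missing (found {t[4]!r})")
    if len(t) < 7 or port(t[6]) is None:
        raise ValueError("local port missing after the local address")
    return {"proto": t[2], "global": t[3], "gport": port(t[4]), "local": t[5], "lport": port(t[6])}

def lint(config):
    """Flag malformed port statics and statics with no matching permit on the outside ACL."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    outside_ip = next((l.split()[3] for l in lines if l.startswith("ip address outside ")), None)
    bound = {l.split()[1] for l in lines
             if l.startswith("access-group ") and l.endswith(" in interface outside")}
    permits = set()  # (proto, destination host, port) permitted inbound
    for l in lines:
        m = re.match(r"access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)$", l)
        if m and m.group(1) in bound:
            permits.add((m.group(2), m.group(3), port(m.group(4))))
    findings = []
    for l in lines:
        try:
            s = parse_static(l)
        except ValueError as err:
            findings.append(f"{l}: {err}")
            continue
        if s:
            dest = outside_ip if s["global"] == "interface" else s["global"]
            if (s["proto"], dest, s["gport"]) not in permits:
                findings.append(f"{l}: no permit for {s['proto']}/{s['gport']} to {dest} on the outside ACL")
    return findings

# Constructed sample built from the lines quoted in this thread.
SAMPLE = """ip address outside 10.20.30.40 255.255.255.252
static (inside,outside) tcp interface 25 192.168.0.103 25 netmask 255.255.255.255
access-list inbound permit tcp any host 10.20.30.40 eq smtp
access-group inbound in interface outside
"""
print(lint(SAMPLE) or "no findings")
```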
 
cannon12 (Author) Commented:

 Thanks for the help.
 Will try the new config tonight.
 
Salah Eddine ELMRABET, Technical Lead Manager (Owner), Commented:
Hi cannon12
You must define the inside and outside addresses, and I recommend that you do an open static without ports, and in the access-list you specify what you want to permit. This will help you if you want to add some services on the same machine without adding a new static!
So here you will find the correct syntax for static!!
!
static (inside,outside) mail_server_public_add mail_server_private_add netmask 255.255.255.255 0 0

and the access-list
access-list OUTSIDE permit tcp any host mail_server_public_add eq smtp

Wish you luck.