Exchange 2000 configuration for Pix 506-e

This is my first Pixs install and I need to install it with our Exchange 2000 server. I need to know what lines to added to the default config file.
This would be the for e-mail and internet access.

The following info will be used.

Router address 10.20.30.41 and
Subnet 255.255.255.252.

Pix address 10.20.30.40
Subnet 255.255.255.252

Inside priv Ips 192.168.1.1 thru 192.168.1.100
Subnet 255.255.255.0

No Dhcp.
 
Could someone write out the lines with the following
information. I have tryed myself and we do not
get e-mail. Even with different combo of the above.
Any help would be great.
Thank you.
cannon12Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
All you need to add is access for smtp

Assuming inside IP address of Exchange server: 192.168.1.101

Assuming you already have something like this:
ip address outside 10.20.30.40 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.1.0 255.255.255.0
!
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 192.168.1.101 netmask 255.255.255.255
!
# create access-list to permit smtp inbound
access-list inbound permit tcp any host 10.20.30.40 eq smtp

# apply the access-list
access-group inbound in interface outside

# turn off fixup smtp
no fixup protocol smtp 25

!
badabing! You're in business....
Assuming, of course that you have the requisite MX record in your external DNS server...

0
lrmooreCommented:
Are you still working on this? Can you update us with your status?

Thanks!
0
cannon12Author Commented:

 Thank you very much for the information.  I am still working
on it.
When I try to enter this statement :
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 192.168.0.103 netmask 255.255.255.255
I get the following error   -  invalid local port netmask.

I have been trying to figure it out with no luck.
All other lines work fine.

 Thanks
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

lrmooreCommented:
My bad..
This:
static (inside,outside) tcp interface 25 192.168.0.103 netmask 255.255.255.255
 
should be this:
static (inside,outside) tcp interface 25 192.168.0.103 25 netmask 255.255.255.255
                                                                            ^^

0
cannon12Author Commented:

static (inside,outside) tcp interface 192.168.0.103 25 netmask 255.255.255.255

Tryed that line and now I get the error message --

Invalid global port 192.168.0.103
0
lrmooreCommented:
You have to keep the port in BOTH places:

static (inside,outside) tcp interface 25 192.168.0.103 25 netmask 255.255.255.255
                                                     ^^                      ^^
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cannon12Author Commented:

 Thanks for the help.
 Will try the new config tonight.
0
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi cannon12
You maust to define the inside and outside addresses and i recommand that you do an open Static without ports and on the access-list you specifie what do you want to permit this will help you if you want to add some services on the same machine without adding a new static!
so here you find the correct syntax for static!!
!
static (inside,outside) mail_server_public_add mail_server_private_add netmask 255.255.255.255 0 0

and the access-list
access-list OUTSIDE permit tcp any host mail_server_public_add eq smtp

hope you luck
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.