Exchange 2000 configuration for Pix 506-e

Posted on 2003-11-13
Last Modified: 2010-04-09
This is my first Pixs install and I need to install it with our Exchange 2000 server. I need to know what lines to added to the default config file.
This would be the for e-mail and internet access.

The following info will be used.

Router address and

Pix address

Inside priv Ips thru

No Dhcp.
Could someone write out the lines with the following
information. I have tryed myself and we do not
get e-mail. Even with different combo of the above.
Any help would be great.
Thank you.
Question by:cannon12
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 79

Expert Comment

ID: 9744308
All you need to add is access for smtp

Assuming inside IP address of Exchange server:

Assuming you already have something like this:
ip address outside
ip address inside
global (outside) 10 interface
nat (inside) 10
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 netmask
# create access-list to permit smtp inbound
access-list inbound permit tcp any host eq smtp

# apply the access-list
access-group inbound in interface outside

# turn off fixup smtp
no fixup protocol smtp 25

badabing! You're in business....
Assuming, of course that you have the requisite MX record in your external DNS server...

LVL 79

Expert Comment

ID: 9774424
Are you still working on this? Can you update us with your status?


Author Comment

ID: 9775359

 Thank you very much for the information.  I am still working
on it.
When I try to enter this statement :
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 netmask
I get the following error   -  invalid local port netmask.

I have been trying to figure it out with no luck.
All other lines work fine.

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

LVL 79

Expert Comment

ID: 9775844
My bad..
static (inside,outside) tcp interface 25 netmask
should be this:
static (inside,outside) tcp interface 25 25 netmask


Author Comment

ID: 9778904

static (inside,outside) tcp interface 25 netmask

Tryed that line and now I get the error message --

Invalid global port
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 9779001
You have to keep the port in BOTH places:

static (inside,outside) tcp interface 25 25 netmask
                                                     ^^                      ^^

Author Comment

ID: 9779496

 Thanks for the help.
 Will try the new config tonight.

Expert Comment

by:Salah Eddine ELMRABET
ID: 9796327
Hi cannon12
You maust to define the inside and outside addresses and i recommand that you do an open Static without ports and on the access-list you specifie what do you want to permit this will help you if you want to add some services on the same machine without adding a new static!
so here you find the correct syntax for static!!
static (inside,outside) mail_server_public_add mail_server_private_add netmask 0 0

and the access-list
access-list OUTSIDE permit tcp any host mail_server_public_add eq smtp

hope you luck

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question