Solved

Exchange 2000 configuration for Pix 506-e

Posted on 2003-11-13
8
439 Views
Last Modified: 2010-04-09
This is my first Pixs install and I need to install it with our Exchange 2000 server. I need to know what lines to added to the default config file.
This would be the for e-mail and internet access.

The following info will be used.

Router address 10.20.30.41 and
Subnet 255.255.255.252.

Pix address 10.20.30.40
Subnet 255.255.255.252

Inside priv Ips 192.168.1.1 thru 192.168.1.100
Subnet 255.255.255.0

No Dhcp.
 
Could someone write out the lines with the following
information. I have tryed myself and we do not
get e-mail. Even with different combo of the above.
Any help would be great.
Thank you.
0
Comment
Question by:cannon12
  • 4
  • 3
8 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 9744308
All you need to add is access for smtp

Assuming inside IP address of Exchange server: 192.168.1.101

Assuming you already have something like this:
ip address outside 10.20.30.40 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.1.0 255.255.255.0
!
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 192.168.1.101 netmask 255.255.255.255
!
# create access-list to permit smtp inbound
access-list inbound permit tcp any host 10.20.30.40 eq smtp

# apply the access-list
access-group inbound in interface outside

# turn off fixup smtp
no fixup protocol smtp 25

!
badabing! You're in business....
Assuming, of course that you have the requisite MX record in your external DNS server...

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9774424
Are you still working on this? Can you update us with your status?

Thanks!
0
 

Author Comment

by:cannon12
ID: 9775359

 Thank you very much for the information.  I am still working
on it.
When I try to enter this statement :
# create static NAT port map to the server for port 25 smtp
static (inside,outside) tcp interface 25 192.168.0.103 netmask 255.255.255.255
I get the following error   -  invalid local port netmask.

I have been trying to figure it out with no luck.
All other lines work fine.

 Thanks
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9775844
My bad..
This:
static (inside,outside) tcp interface 25 192.168.0.103 netmask 255.255.255.255
 
should be this:
static (inside,outside) tcp interface 25 192.168.0.103 25 netmask 255.255.255.255
                                                                            ^^

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:cannon12
ID: 9778904

static (inside,outside) tcp interface 192.168.0.103 25 netmask 255.255.255.255

Tryed that line and now I get the error message --

Invalid global port 192.168.0.103
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 9779001
You have to keep the port in BOTH places:

static (inside,outside) tcp interface 25 192.168.0.103 25 netmask 255.255.255.255
                                                     ^^                      ^^
0
 

Author Comment

by:cannon12
ID: 9779496

 Thanks for the help.
 Will try the new config tonight.
0
 
LVL 8

Expert Comment

by:Salah Eddine ELMRABET
ID: 9796327
Hi cannon12
You maust to define the inside and outside addresses and i recommand that you do an open Static without ports and on the access-list you specifie what do you want to permit this will help you if you want to add some services on the same machine without adding a new static!
so here you find the correct syntax for static!!
!
static (inside,outside) mail_server_public_add mail_server_private_add netmask 255.255.255.255 0 0

and the access-list
access-list OUTSIDE permit tcp any host mail_server_public_add eq smtp

hope you luck
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now