• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

Sending Emails Using Mail Server Which is on a private ip address

I have a network that is using private ip addresses. Network is connected to  CISCO PIX 501 firewall and then to CISCO 2620 router. NAT is configured on firewall. In my internal network i configured a mail server ( MS Exchange 2000). This mail server is on private ip address.I just wanted to "SEND MAILS"  not recieve emails .Throught this server. Is some special configuration needed on Router or Pix firewall to do this..Can any expert help me how can i do this.
1 Solution
You'll need to allow port 25 to be opened on the PIX to your workstation.  Alternatively, a better way to do it would be to assign a NAT from a public to private on your LAN private IP address on PIX, and then make sure port 25 is open.
Assuming the server is on the same private range as your clients, all you need to do is make sure that the PIX allows the server to open outbound connections on port 25 (SMTP).  Since the default config of the PIX is to allow all internals to open outbound to any port, you'd only need to do anything if you have a non-default PIX configuration for outbound traffic.  (For instance, in most cases it's reasonable to allow ONLY the mail server to send SMTP.)


I have the same network scenerio with Cisco 2620 and PIX 501. What I have done is that I am NATing the Private IP address of mail server at the Firewall to a Public/Static IP address. Then I am having my ISP maintain the DNS record for my mail server. Also I got the MX-Record changed for mail from the company that hosts the domain name.

Now on Firewall, open SMTP and POP3 port. If you want to allow access from outside without the VPN connection, open port for internet access, you can change that port in Exchange server settings. I have set that up as 8080 and that works fine for me.

Exchange has problems with mailguard.  Enter the command "no fixup protocol smtp 25" on your pix to disable it.

The default behavior for the PIX is to allow all outbound traffic so as long as you have not added any access-lists blocking outbound traffic you should be fine.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now