Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.
Solved
PIX 506e - Exchange Internal - One Public IP?
Posted on 2004-04-07
HI,
I am trying to get the following scenerio to work:
I have one IP address that the DSL carrier has povied me for the OUTSIDE interface. I need to Have all internal systems go out through this interface ( I am currently using PAT ), I also need to forward port 25 traffic that goes to the OUTSIDE interface to forward to an internal Exchange Server.
The problem that I am having is that when I enable the port 25 translation on the outside interface, I loose the ability to get to the internet from internally.
Can you have the outside interface translate this way, or do I have to get an additional IP from the carrier?
I am trying to get the following scenerio to work:
I have one IP address that the DSL carrier has povied me for the OUTSIDE interface. I need to Have all internal systems go out through this interface ( I am currently using PAT ), I also need to forward port 25 traffic that goes to the OUTSIDE interface to forward to an internal Exchange Server.
The problem that I am having is that when I enable the port 25 translation on the outside interface, I loose the ability to get to the internet from internally.
Can you have the outside interface translate this way, or do I have to get an additional IP from the carrier?
2
3 Comments
Active 1 day ago
Yes, you can use port redirection:
example, using inside IP 192.168.1.61 as your Exchange server:
! first, turn off fixup smtp
no fixup protocol smtp 25
! create a static port map
static (inside,outside) tcp interface 25 192.168.1.61 25 netmask 255.255.255.255
! create an access-list for inbound smtp email
access-list outside_access_in permit tcp any interface outside eq 25
OR:
access-list outside_access_in permit tcp any host (outside IP) eq 25
! apply the access-list
access-group outside_access_in in interface outside
! badabing, that's it !
example, using inside IP 192.168.1.61 as your Exchange server:
! first, turn off fixup smtp
no fixup protocol smtp 25
! create a static port map
static (inside,outside) tcp interface 25 192.168.1.61 25 netmask 255.255.255.255
! create an access-list for inbound smtp email
access-list outside_access_in permit tcp any interface outside eq 25
OR:
access-list outside_access_in permit tcp any host (outside IP) eq 25
! apply the access-list
access-group outside_access_in in interface outside
! badabing, that's it !
Featured Post
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list. It is designed to be downloaded as a file, with primary intention…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Watch the software video of Kernel Import PST to Office 365 tools which can easily import PST and OST files to Office 365 for bulk mailboxes. The process of migration is simple and user can map source and destination mailboxes and easily import data…
Suggested Courses
Course of the Month6 days, 1 hour left to enroll
568 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.