Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco PIX 501 and MS Exchange 5.5

Posted on 2004-04-20
6
Medium Priority
?
401 Views
Last Modified: 2013-11-16
Hello, i have i client that im experiencing the following thing.

I have now set up a adsl solution with a fixed ip adress 213.145.234.21 and since that has been
implementet they cannot recive email anymore, they are able to send via the exchange server.

Before the adsl they had a dialup isdn connection.

The company that host their domain has set up their routers to forward all emails to the 213.145.234.21 ip adress.

What do i do on the exchange server and/or on the pix so that they are able to recive email again?

 

 
0
Comment
Question by:daxa78
5 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 2000 total points
ID: 10867721
Assuming outbound internet and mail is all working OK, you should just be able to add these lines, where 192.168.2.57 is your internal Exchange server:

access-list smtp permit tcp any host 213.145.234.21 eq smtp
 static (inside,outside) tcp interface 25 192.168.2.57 25 netmask 255.255.255.255
access-group smtp in interface outside

Look here for some more information if you need it:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml


0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10867725
If you run into problems, post up your config.. ;)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 10868188
There are several things that are necessary.
1. Proper MX Records for mail server redirect in primary DNS server. Go to http://www.dnsreport.com and put in the domain to check
2. Proper static nat map on the PIX as tim has demonstrated. Use either 1-1 static NAT or static Port map as tim demonstrates
3. Proper inbound access-list (or conduit) to permit the inbound traffic
4. Disable fixup for smtp:
  no fixup protocol smtp 25

0
 
LVL 4

Expert Comment

by:hawgpig
ID: 10889140
assuming that you posted the correct ip address....for your mail server.....i took a look at your port 25 and it shows open.....So the server looks like it is listening.....However I checked with www.dslreport.com and it sayes that the address is not a mail server which means that your ISP hasen't changed over your e-mail address to reflect the current ip address yet. Try this yourself.
Also doing an NSlookup on your ip address does not show your domain.....Your ISP is probably your issue...
Good Luck
0
 
LVL 1

Author Comment

by:daxa78
ID: 10981516
Thanks so much for the help. Made my day. Have a good one
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question