rmefford
asked on
How do I use Cisco Pix Devise Manager to create rules to allow mail to come to my Exchange 2003 Server
I have a Cisco Pix Firewall 506 and would like to use the Cisco Pix Devise Manager to configure it to allow Exchange 2003 mail to pass through. How can I do this?
Thanks,
Randy
Thanks,
Randy
In anticipation of any future issues, here is another good article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;q320027
http://support.microsoft.com/default.aspx?scid=kb;en-us;q320027
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help, but that doesn't really discribe how to use create a new rule with the device manager. Also that example is if I am going to have a second server outside my firewall. I am not. I will have just the Exchange Server on the inside. Am I missing something? Please help.
Randy
Randy
ASKER
I will try that, thanks everyone.
We must have hit submit at the same time... hehe..
Quick tip,
if you are using only 2 interfaces your static command do not require you to specify insde,outside in your command line. Helps expediting programming the pix via commandline.
static insideip outsideip
Cheers!
Dan
if you are using only 2 interfaces your static command do not require you to specify insde,outside in your command line. Helps expediting programming the pix via commandline.
static insideip outsideip
Cheers!
Dan
Hey rmefford,
The link is Cisco's suggestion on how to make Exchange work across a PIX firewall. If all your looking for is port forwarding, Irmoore described that.
The link is Cisco's suggestion on how to make Exchange work across a PIX firewall. If all your looking for is port forwarding, Irmoore described that.
ASKER
Thanks for the help, is that the only port I need to open to get my exchange server mail working? I can send out but have not been able to receive an email in yet.
Hi,
You only need two commands to get this working. Go to the CLI command input in the PDM and enter these commands. The third command is incase you have switched of the fixup for smtp.
Replace 192.168.0.1 with your public ip on the firewall and 10.0.0.1 with your internal ip of the exchange server.
access-list 101 permit tcp any host 192.168.0.1 eq smtp
static (inside,outside) tcp 192.168.0.1 smtp 10.0.0.1 smtp netmask 255.255.255.255 0 0
fixup protocol smtp 25
I know this works as I use it all the time with my customers.
Any questions please let me know.
Regards
Mark
You only need two commands to get this working. Go to the CLI command input in the PDM and enter these commands. The third command is incase you have switched of the fixup for smtp.
Replace 192.168.0.1 with your public ip on the firewall and 10.0.0.1 with your internal ip of the exchange server.
access-list 101 permit tcp any host 192.168.0.1 eq smtp
static (inside,outside) tcp 192.168.0.1 smtp 10.0.0.1 smtp netmask 255.255.255.255 0 0
fixup protocol smtp 25
I know this works as I use it all the time with my customers.
Any questions please let me know.
Regards
Mark
> out but have not been able to receive an email in yet.
Did you disable the fixup protocol smtp 25?
You MUST do this step.
Did you disable the fixup protocol smtp 25?
You MUST do this step.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/msexchng.htm
Hope this helps!