Solved

How do I use Cisco Pix Devise Manager to create rules to allow mail to come to my Exchange 2003 Server

Posted on 2004-09-30
11
267 Views
Last Modified: 2013-12-03
I have a Cisco Pix Firewall 506 and would like to use the Cisco Pix Devise Manager to configure it to allow Exchange 2003 mail to pass through.  How can I do this?

Thanks,
Randy
0
Comment
Question by:rmefford
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +2
11 Comments
 
LVL 6

Expert Comment

by:vand
ID: 12193983
Hate to give just URL's, but, this is pretty involved.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/msexchng.htm

Hope this helps!
0
 
LVL 6

Expert Comment

by:vand
ID: 12194018
In anticipation of any future issues, here is another good article.

http://support.microsoft.com/default.aspx?scid=kb;en-us;q320027
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12194352
Much simpler to create a text command in notepad and drop it into the Command Line Tool of the PDM. Using the PDM is actually quite confusing..

Else, the steps involve
- create static port map to map port 25 from interface public IP to private IP
   static (inside,outside) tcp interface 25 192.168.1.100 25
- create inbound access-list to permit inbound port 25
   access-list inbound permit tcp any interface outside eq 25  <== note you must be using 6.3x to use "interface" in the acl
- bind the acl to the interface
   access-group inbound in interface outside
- turn off fixup
   no fixup protocol smtp 25

Using PDM:
- Configuration
- Access Rules
   - new rule
      Action: permit
        source host/network
           interface Outside
           ip add: 0.0.0.0
           Mask:   0.0.0.0
        Destination host/network
            interface inside
            ip add: 192.168.1.100
            mask: 255.255.255.255
        Protocol and Service (*) TCP, source port Service = any
                  Destination port Service = smtp
     - click OK, and you get a prompt "No static Network Address Translation (NAT) rule is configured ....
         - click OK
            NAT tab, chose (*)static     <ip address>(interface PAT)
          - click OK
        -click OK again
        - click Apply
      - Click Save
Then go into configuration | system properties
  + Advanced
       + fixup
           * SMTP  - click "delete" button
     Click    Apply
    - click Save

DONE
       
       





0
Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

 

Author Comment

by:rmefford
ID: 12194362
Thanks for the help, but that doesn't really discribe how to use create a new rule with the device manager.  Also that example is if I am going to have a second server outside my firewall.  I am not.  I will have just the Exchange Server on the inside.  Am I missing something?  Please help.

Randy
0
 

Author Comment

by:rmefford
ID: 12194373
I will try that, thanks everyone.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12195287
We must have hit submit at the same time...  hehe..
0
 
LVL 2

Expert Comment

by:peteysa
ID: 12197158
Quick tip,

if you are using only 2 interfaces your static command do not require you to specify insde,outside in your command line.  Helps expediting programming the pix via commandline.  

static insideip outsideip

Cheers!

Dan
0
 
LVL 6

Expert Comment

by:vand
ID: 12201053
Hey rmefford,  

The link is Cisco's suggestion on how to make Exchange work across a PIX firewall.  If all your looking for is port forwarding, Irmoore described that.
0
 

Author Comment

by:rmefford
ID: 12203721
Thanks for the help, is that the only port I need to open to get my exchange server mail working?  I can send out but have not been able to receive an email in yet.
0
 
LVL 3

Expert Comment

by:oldhamuk
ID: 12204878
Hi,

You only need two commands to get this working.  Go to the CLI command input in the PDM and enter these commands. The third command is incase you have switched of the fixup for smtp.

Replace 192.168.0.1 with your public ip on the firewall and 10.0.0.1 with your internal ip of the exchange server.

access-list 101 permit tcp any host 192.168.0.1 eq smtp
static (inside,outside) tcp 192.168.0.1 smtp 10.0.0.1 smtp netmask 255.255.255.255 0 0
fixup protocol smtp 25

I know this works as I use it all the time with my customers.

Any questions please let me know.

Regards

Mark
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12204960
> out but have not been able to receive an email in yet.
Did you disable the fixup protocol smtp 25?
You MUST do this step.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question