JonE_Bravo
asked on
Pix 501 Email receive issue
Dear All,
I am having a problem setting up a PIX 501 on a small home office network. The WAN port is currently holding the MX address for my domain (100.X.X.175) and the LAN port (192.168.1.1) sits on the same switch as the Exchange server (192.168.1.3).
There is no problem setting up the basic system and I am using PAT to send all inside information to the outside using the outside interface, so email out has no problem.
The issue is receiving email to the Exchange server. I have entered the following commands that I believed would be enough (the rest of the set-up prior to these commands could have been achieved by PDM or on the command line, and I have tried both just in case).
<<<<<>>>>>>
static (inside,outside) tcp 100.X.X.175 25 192.168.1.3 25 netmask 255.255.255.255
access-list permit_mail_in permit tcp any host 100.X.X.175 eq 25
access-group permit_mail_in in interface outside
no fixup protocol smtp 25 (have tried with or without)
<<<<<<>>>>>>
I am somewhat stumped now. Any clues on what I may have missed?
Thanks
Jon
Get someone to telnet to port 25 from outside. Can they connect to the Exchange server?
If the ISP blocked port 25 you shouldn't be able to send mail from your system. But you state that you can, so the ISP shouldn't be the issue if one direction works.
ASKER
Thanks Marvin - it was an error from the ISP end which we could not see.
It turned out to be bad timing for putting in a different firewall and it just made me think I had gone mad.
Everything is good now - points to you for the correct source. And thanks to others for having a look.
Cheers
Jon
Just a small change to the static will fix it, actually:
static (inside,outside) tcp 100.x.x.175 smtp 192.168.1.3 smtp netmask 255.255.255.255 0 0
You did not specify what TCP traffic is PAT'ed into your Exchange server.
The secure way of doing it is to specify the particular traffic in the static command, such as SMTP, WWW, HTTPS, etc.
The access-list and access-group are fine.
Again, on the fixup, it is preferable to put the fixup ON; otherwise outside people will know what sort of email system you are using.
Good Luck,
Alex.
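
Added example (not from any poster in this thread): a Python sketch of the outside check suggested above (connect to port 25 and read the greeting), extended to classify whether the greeting names the mail software or has been masked, which is the effect of the fixup described in the last answer. The banners are constructed samples, the asterisk-masked form is an assumption about how SMTP inspection typically rewrites the greeting, and `classify_banner`, `probe` and the hint list are hypothetical names.

```python
import re
import socket

# Constructed sample greetings (not captured from the poster's network).
SAMPLE_EXCHANGE = "220 mail.example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready"
SAMPLE_MASKED = "220 **************************0*2******0***********"

# Words that identify the mail software in a greeting (illustrative list).
PRODUCT_HINTS = ("microsoft", "exchange", "postfix", "sendmail", "exim")


def classify_banner(banner):
    """Return 'masked', 'discloses-software', 'generic' or 'not-smtp'."""
    m = re.match(r"^220[ -](.*)$", banner.strip())
    if not m:
        return "not-smtp"  # no 220 greeting: wrong service or an error reply
    text = m.group(1)
    # Assumption: an inspecting firewall overwrites most characters with '*'.
    if text and text.count("*") / len(text) > 0.5:
        return "masked"
    if any(hint in text.lower() for hint in PRODUCT_HINTS):
        return "discloses-software"
    return "generic"


def probe(host, port=25, timeout=5.0):
    """Connect from an outside host; return (reachable, classification, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = s.recv(512).decode("ascii", "replace").splitlines()[0]
    except (OSError, IndexError):
        # Refused, filtered/timed out, or closed without sending a greeting:
        # the static/ACL path or something upstream is not passing port 25.
        return (False, "unreachable", "")
    return (True, classify_banner(banner), banner)


if __name__ == "__main__":
    for sample in (SAMPLE_EXCHANGE, SAMPLE_MASKED):
        print(classify_banner(sample), "<-", sample)
```

Run `probe()` from a machine outside the firewall against the public MX address; an "unreachable" result while outbound mail works points at the inbound path rather than the mail server itself.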