Clamsy
asked on
add NAT for backup mail server in PIX 515e
We have added a backup exchange server running Double-Take to be used in failover situations. I think I'll need to mimic the lines for the primary mail server for the secondary in the PIX config. I need assistance with the commands to edit and save the working config. The pix OS Ver is 6.3.(3)
The lines below reference my primary mail server.
access-list outside_in permit tcp any host 65.x.x.192 eq smtp
static (inside,outside) 65.x.x.192 10.10.10.50 netmask 255.255.255.255 0 0
I think I'll need to add the following for the backup machine:
access-list outside_in permit tcp any host 65.x.x.193 eq smtp
static (inside,outside) 65.x.x.193 10.10.10.51 netmask 255.255.255.255 0 0
There is also a line in the current config that reads:
access-list outside_in permit tcp any host 65.x.x.192 eq www What is this for (OWA)? Looking at an older config form this PIX when the company had a backup mail server there is not a line similar to this referencing the backup server, only the one for smtp.
Thanks in advance.
The lines below reference my primary mail server.
access-list outside_in permit tcp any host 65.x.x.192 eq smtp
static (inside,outside) 65.x.x.192 10.10.10.50 netmask 255.255.255.255 0 0
I think I'll need to add the following for the backup machine:
access-list outside_in permit tcp any host 65.x.x.193 eq smtp
static (inside,outside) 65.x.x.193 10.10.10.51 netmask 255.255.255.255 0 0
There is also a line in the current config that reads:
access-list outside_in permit tcp any host 65.x.x.192 eq www What is this for (OWA)? Looking at an older config form this PIX when the company had a backup mail server there is not a line similar to this referencing the backup server, only the one for smtp.
Thanks in advance.
ASKER
OK but i am looking for what commands to use to edit the config. I am somewhat familiar with the commands but it's a production box and I can't afford to guess. I can get to here (which isn't very far..)
telnet to pix, login, enable and then wr t. not sure if it's 'config t' to edit or what to do after that to save the config.
The only real work I have done with routers and firewalls is to reset the password and rebuild the config of a 2600, which was a spare. No deadline just had to make it work when we gave back the ISP their loaner.
We tried to upgrade to 6.3.(4) last year and had major problems with one of our remote connections, (outside vendor used for terminal server access) the tunnel to the remote vendor would not stay up and we had to initiate the conn from inside. after about a week of trying to figure out the problem and several remote user complaints we decieded to roll back the OS.
telnet to pix, login, enable and then wr t. not sure if it's 'config t' to edit or what to do after that to save the config.
The only real work I have done with routers and firewalls is to reset the password and rebuild the config of a 2600, which was a spare. No deadline just had to make it work when we gave back the ISP their loaner.
We tried to upgrade to 6.3.(4) last year and had major problems with one of our remote connections, (outside vendor used for terminal server access) the tunnel to the remote vendor would not stay up and we had to initiate the conn from inside. after about a week of trying to figure out the problem and several remote user complaints we decieded to roll back the OS.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Worked thanks!
ASKER
Also I confirmed the www line was for owa and added that as well with the IP of the backup machine.
you may want to also reapply the acl to the interface to be sure it applies and clear the xlate after the static entry to ensure that the backup machine is referenced correctly
access-group outside_in in interface outside
clear xlate
also, I would recommend an os upgrade to 6.3(5). Then study the changes that have occurred in 7.x and see if you want to upgrade to that eventually.