?
Solved

send mail out dmz using static address

Posted on 2006-11-02
2
Medium Priority
?
207 Views
Last Modified: 2010-04-08
i have a dmz with a mail server - i want that mail server to use the same public ip 1.2.3.24 when it sends email to the world.
currently it will send mail but using the public ip all the inside users use. this is urgent b/c we dont want to get blacklisted.
i'll attach part of the config.

global (outside) 1 interface
global (outside) 10 1.2.3.24
global (DMZ1) 1 10.10.5.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.34 https netmask 255.25
5.255.255 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.17 https netmask 255.25
5.255.255 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.35 https netmask 255.25
5.255.255 0 0
static (DMZ1,outside) x.x.x.x  10.10.5.10 netmask 255.255.255.255 0 0
static (inside,DMZ1) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
static (inside,outside) x.x.x.x  172.16.1.24 netmask 255.255.255.255 0 0
static (DMZ1,outside) 1.2.3.24 10.10.5.2 netmask 255.255.255.255 0 0
0
Comment
Question by:jmcrae72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 17865659
>static (DMZ1,outside) 1.2.3.24 10.10.5.2 netmask 255.255.255.255 0 0
This static should already guarantee that this dmz1 host uses 1.2.3.24 for outbound.
Just try issueing "clear xlate" or reboot the PIX
You can also remove this:
 >global (outside) 10 1.2.3.24
0
 

Author Comment

by:jmcrae72
ID: 17867833
thats what i thought too.
we finally got it to work by changing the commands below - the rest of the config remains the same.
nat (DMZ1) 10 0.0.0.0 0.0.0.0 0 0
static (DMZ1,outside) 1.2.3.24 10.10.5.2

thanks for all the help. the email solution is now in production and working great.
this site really helped me understand the functionality of the pix.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question