Solved

send mail out dmz using static address

Posted on 2006-11-02
2
188 Views
Last Modified: 2010-04-08
i have a dmz with a mail server - i want that mail server to use the same public ip 1.2.3.24 when it sends email to the world.
currently it will send mail but using the public ip all the inside users use. this is urgent b/c we dont want to get blacklisted.
i'll attach part of the config.

global (outside) 1 interface
global (outside) 10 1.2.3.24
global (DMZ1) 1 10.10.5.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.34 https netmask 255.25
5.255.255 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.17 https netmask 255.25
5.255.255 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.35 https netmask 255.25
5.255.255 0 0
static (DMZ1,outside) x.x.x.x  10.10.5.10 netmask 255.255.255.255 0 0
static (inside,DMZ1) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
static (inside,outside) x.x.x.x  172.16.1.24 netmask 255.255.255.255 0 0
static (DMZ1,outside) 1.2.3.24 10.10.5.2 netmask 255.255.255.255 0 0
0
Comment
Question by:jmcrae72
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17865659
>static (DMZ1,outside) 1.2.3.24 10.10.5.2 netmask 255.255.255.255 0 0
This static should already guarantee that this dmz1 host uses 1.2.3.24 for outbound.
Just try issueing "clear xlate" or reboot the PIX
You can also remove this:
 >global (outside) 10 1.2.3.24
0
 

Author Comment

by:jmcrae72
ID: 17867833
thats what i thought too.
we finally got it to work by changing the commands below - the rest of the config remains the same.
nat (DMZ1) 10 0.0.0.0 0.0.0.0 0 0
static (DMZ1,outside) 1.2.3.24 10.10.5.2

thanks for all the help. the email solution is now in production and working great.
this site really helped me understand the functionality of the pix.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is my Machine open to hackers 3 91
Watchguard XTM 2 70
Videos Blocked on espn.com 7 142
The endless cat and mouse game of fail2ban 4 99
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now