Solved

send mail out dmz using static address

Posted on 2006-11-02
2
181 Views
Last Modified: 2010-04-08
i have a dmz with a mail server - i want that mail server to use the same public ip 1.2.3.24 when it sends email to the world.
currently it will send mail but using the public ip all the inside users use. this is urgent b/c we dont want to get blacklisted.
i'll attach part of the config.

global (outside) 1 interface
global (outside) 10 1.2.3.24
global (DMZ1) 1 10.10.5.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.34 https netmask 255.25
5.255.255 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.17 https netmask 255.25
5.255.255 0 0
static (inside,outside) tcp x.x.x.x https 172.16.1.35 https netmask 255.25
5.255.255 0 0
static (DMZ1,outside) x.x.x.x  10.10.5.10 netmask 255.255.255.255 0 0
static (inside,DMZ1) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
static (inside,outside) x.x.x.x  172.16.1.24 netmask 255.255.255.255 0 0
static (DMZ1,outside) 1.2.3.24 10.10.5.2 netmask 255.255.255.255 0 0
0
Comment
Question by:jmcrae72
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17865659
>static (DMZ1,outside) 1.2.3.24 10.10.5.2 netmask 255.255.255.255 0 0
This static should already guarantee that this dmz1 host uses 1.2.3.24 for outbound.
Just try issueing "clear xlate" or reboot the PIX
You can also remove this:
 >global (outside) 10 1.2.3.24
0
 

Author Comment

by:jmcrae72
ID: 17867833
thats what i thought too.
we finally got it to work by changing the commands below - the rest of the config remains the same.
nat (DMZ1) 10 0.0.0.0 0.0.0.0 0 0
static (DMZ1,outside) 1.2.3.24 10.10.5.2

thanks for all the help. the email solution is now in production and working great.
this site really helped me understand the functionality of the pix.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Firewall vs WYSIWYG editor 5 73
Do I need a hardware firewall? 12 73
Firewall attack 16 133
Palo Alto Networks Global Protect 2 51
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now