Cisco PIX501 Port Configuration to allow Exchange/SMTP hosting on Small Business Server 2003

Posted on 2007-07-22
Last Modified: 2013-11-30
I'm running a Microsoft SBS2003 Server w/Exchange/SQL along with a Cisco PIX501 Firewall (Current PDM & IOS) . To date, all users access e-mail via POP3/Outlook on the desktop. I'm in the process of removing the existing POP3 e-mail clients and converting all users to SMTP/Exchange on the SBS. I want to know how I should configure the PIX501 to allow Exchange/SMTP e-mail hosting on Small Business Server 2003.
Question by:ECSI06
    LVL 13

    Expert Comment

    Allow port 25 traffic inbound to the Exchange server.  If the public IP address is the same for your PIX and mail server you will not need to do anything else.  If the PIX and mail server have different public IPs you will need to setup a one-to-one NAT of the public IP address to the private IP address of the Exchange server.  

    Here are a few more ports commonly used for SBS.
    Outlook Web Access: port 443 (force SSL connection to OWA in IIS, don't allow port 80 traffic for security reasons)
    Terminal Services: port 3389
    Remote Web Workplace: port 4125
    LVL 57

    Accepted Solution

    If you have SBS2003 the OWA is already secured for port 443 out of the box - so unless you are publishing share point or another website from the SBS server you dint need to give access and port forwarding for we (TCP port 80 {https}) traffic.

    As you have a sub 75 user network and a PIX 501 I'll make a "Leap of faith" and assume you only have one public IP - be that static or assigned via DHCP.

    To get your head around how to do Port forwarding see my website here
    As usually remember to have a decent backup of the firewall prior to making any changes

    Author Comment

    I'm a novice when it comes to routers & firewalls, so thanks for the links to your clear and easy to deploy recommendation.
    LVL 57

    Expert Comment

    by:Pete Long
    :) ThanQ

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
    Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now