Enable two SMTP servers on PIX

Scenario:

Internet Router <-----> Pix <-----> ISA1 <------->Exch1
......................................................ISA2 <------->Exch2

Dear Sirs, due to the necessity of changing our domain, I want to implement the scenario above.
I have installed the setting on line 1 and it works fine; now I want to add a second ISA and a second Exchange. I tried just copying the configuration from 1 to 2 with the correct IPs, but there is no email flowing between the two domains.
candacosta Asked:
 
periferral Commented:
Two things.
One, you might want to enable SMTP fixup:
fixup protocol smtp 25

Second:
route inside 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.x  -----Route to Isa1
route inside 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.x ------Route to Isa2

Are the 2 192 subnets different? It is unclear from the route statements. If they are the same, then it won't work. It will probably do a first match.

The rest of your configuration looks okay to me.
0
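
The check raised in the comment above can be run mechanically. This is an added example, not code from the thread: it flags two `route` lines for the same destination on one interface with different gateways, and any `static` whose inside host has no route or connected subnet behind that interface. The sample config and all of its addresses are constructed placeholders, and `parse` and `audit` are hypothetical names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in PIX 6.x syntax. All addresses are placeholders chosen
# for this example (the thread's real addresses are masked).
SAMPLE_CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) tcp 203.0.113.3 smtp 192.168.20.10 smtp netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.7 smtp 192.168.10.10 smtp netmask 255.255.255.255
route outside 0.0.0.0 0.0.0.0 203.0.113.1
route inside 192.168.10.0 255.255.255.0 192.168.1.2
route inside 192.168.10.0 255.255.255.0 192.168.1.3
"""

ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
ADDR_RE = re.compile(r"^ip address\s+(\S+)\s+(\S+)\s+(\S+)")
STATIC_RE = re.compile(r"^static\s+\((\w+),\w+\)\s+tcp\s+(\S+)\s+\S+\s+(\S+)\s+\S+")

def parse(config):
    """Return (routes, statics); connected subnets count as routes."""
    routes, statics = [], []
    for line in map(str.strip, config.splitlines()):
        if m := ROUTE_RE.match(line):
            routes.append((m[1], ipaddress.ip_network(f"{m[2]}/{m[3]}"), m[4]))
        elif m := ADDR_RE.match(line):
            net = ipaddress.ip_interface(f"{m[2]}/{m[3]}").network
            routes.append((m[1], net, "connected"))
        elif m := STATIC_RE.match(line):
            statics.append((m[1], m[2], ipaddress.ip_address(m[3])))
    return routes, statics

def audit(config):
    """List route conflicts and static translations with no path inside."""
    routes, statics = parse(config)
    findings = []
    gateways = defaultdict(set)
    for ifc, net, gw in routes:
        gateways[(ifc, net)].add(gw)
    for (ifc, net), gws in gateways.items():
        if len(gws) > 1:
            findings.append(f"conflict: {net} on {ifc} via {sorted(gws)}")
    for ifc, public, real in statics:
        if not any(i == ifc and real in net for i, net, _ in routes):
            findings.append(f"unrouted: static {public} -> {real} has no {ifc} route")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it against the unmasked configuration; masked octets such as `xx.x.x.3` will not parse as addresses.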
 
p_nuts Commented:
Do you mean that the PIX should use 2 SMTPs, or that you want to enable SMTP traffic to flow to 2 different SMTP servers?
If you want the latter:
What direction do you want to allow the traffic to flow? And do you have multiple external IP addresses?
 
0
 
candacosta Author Commented:
Yes, I want the PIX to use 2 different SMTP servers.

Canda
0
 
periferral Commented:
Can you post the existing configuration of the working SMTP server? You can change the IPs to not reveal your network information.
0
 
candacosta Author Commented:
First of all, I want to say that for test purposes, to avoid any problem from the firewall (ISA 2006), all traffic is enabled.

PIX Configuration:
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names

access-list exchange permit tcp any host xx.x.x.3 eq smtp ---ACL to the SMTP server that does not work
access-list exchange permit tcp any host xx.x.x.7 eq smtp ---ACL to the SMTP server that works

pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500

ip address outside xx.x.x.x 255.255.255.0
ip address inside xxx.xxx.xxx.x 255.255.255.0
ip address intf2 xxx.xxx.xxx.x 255.255.255.0

ip audit info action alarm
ip audit attack action alarm reset
pdm location xxx.xxx.xxx.x 255.255.255.0 inside
pdm location xxx.xxx.xxx.x 255.255.255.0 inside
pdm history enable
arp timeout 14400

global (outside) 1 xx.x.x.x

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp xx.x.x.3 smtp xxx.xxx.xxx.x smtp netmask 255.255.255.255 ----Static translation for the SMTP server that is not working

static (inside,outside) tcp xx.x.x.7 smtp xxx.xxx.xxx.x smtp netmask 255.255.255.255 ----Static translation for the SMTP server that is working

access-group exchange in interface outside

route outside 0.0.0.0 0.0.0.0 xx.x.x.x ------ Route to EndRouter


route inside 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.x  -----Route to Isa1

route inside 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.x ------Route to Isa2

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http xxx.xxx.xxx.0 255.255.255.0 inside
http xxx.xxx.xxx.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
telnet 192.xxx.xxx.0 255.255.255.0 inside
telnet 192.xxx.xxx.0 255.255.255.0 inside
telnet timeout 30
ssh timeout 30
console timeout 0
0
 
candacosta Author Commented:
Just to be more clear, we have in place a configuration called "back to back firewall": ISA behind the PIX.

tks

Canda
0