Cisco PIX config - cannot reach new mail server

Posted on 2010-01-09
Medium Priority
Last Modified: 2012-05-08
I made what I thought would be a very simple change to our Cisco PIX firewall to allow mail and OWA access to our new Exchange 2007 server. We recently added a new Exchange 2007 server into an existing Exchange 2003 single server environment with the intention of decommissioning the old Exch 2003 box.

Here's more background:

I migrated all mailboxes from an old Exch 2003 server (LAN IP: to a new Exch 2007 server (LAN IP: All mailboxes were moved last night. On the LAN I can telnet to all the appropriate ports on the new email server (25, 443, 80, etc). From the Internet I cannot telnet to any of those ports.

I've attached the original config and the newest. All I changed was the line "name MailServer" to "name MailServer". I wrote the config to memory.

Can someone look at this config and tell me why email won't flow into the mail server from the web? I'm at a complete loss.

Thanks in advance!!

Question by:redeyeinc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 74

Expert Comment

by:Glen Knight
ID: 26274281
Have you tried simply restarting the firewall?

Also what do the logs say when you try to access it?
LVL 25

Accepted Solution

Ken Boone earned 2000 total points
ID: 26274299
So what you did was change the translations.  When you do that you need to issue the following command from the CLI:  clear xlate

That will flush out the old static translations and insert the new translations.
LVL 74

Expert Comment

by:Glen Knight
ID: 26274336
Presumably restarting will also do that? :-)
LVL 25

Expert Comment

by:Ken Boone
ID: 26274468
Yes it will.  I didn;t see your post before I responded.

Author Comment

ID: 26274507
Clear xlate seems to have helped. Mail now flows into new mail server. Outbound mail works as well. Wow I wish I knew Cisco. ;)  

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses
Course of the Month14 days, 17 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question