email server & PIX question

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


Hi,
I know how to do static map if i want to allow people to access my exchange
server which is located inside a PIX 515, but the problem is I dont have any
spare public IP . Is there any way to do that using the outside Interface
IP?
Thanks in advance for any help




Re: email server & PIX question



Quoted text here. Click to load it

I've only just started looking at the PIX stuff in the last few days but
can't you just use the static command and specify the ports in question,
assuming you only have one Exchange server (or sever that uses the same
ports) on the network behind the firewall, I don't see why that won't
work from the information you have given.
--
-> The email address used in this message *IS* valid <-


Re: email server & PIX question


Port forwarding not working?

Map any incoming requests for that port on your outside interface to
your exchange server's private ip/port. If you use a rarely used port
for listening on your WAN interface it can aid in preventing
unauthorized access to your server.

-Dan

Rob wrote:

Quoted text here. Click to load it


Re: email server & PIX question


That means I can map the outside IP to a private one and at the same time
use it as outiside IP? So both server and outside interface would have the
same IP address, doesnt it make any problem?
Thanks-Rob

Quoted text here. Click to load it
exchange
any
Interface




Re: email server & PIX question


Hi Rob,

Yes, you can do that with no problem.  The trick is, you only static map the
"port".  When you do the static map, do the following:

   static (inside,outside) tcp interface port_number inside_ip port_number
netmask 255.255.255.255

I assume you do this already:

   global (outside) nat_inside_number interface



Tom


Quoted text here. Click to load it
have




Site Timeline