PAT, One IP and SMTP
- 10-10-2006
- TechinLA
October 10, 2006, 2:57 pm

I have a PIX 515 and it is connected to one remote office with site-to-site
VPN IPSEC tunnel (PIX 506) in addition to being the firewall for internet
access for the company. I need to host a MS Exchange 2000 server behind the
515. I understand that Exchange won't work with the mailguard feature
correctly, so from what I have seen I should just set up SMTP forwarding to
the internal (private IP) Exchange box. However, when I run the first
command to do this, which is #static (inside, outside) x.x.x.x etc., the VPN
stops and the internet access stops. So, my question is: what are the
commands/steps needed to forward SMTP traffic to a mail server that is behind
a 515 using PAT for outbound traffic and assigned one IP address on the
external interface? Thanks in advance to anybody who can shed some light on
this.
DJ

Re: PAT, One IP and SMTP

You need to do PAT statics, not 1 to 1. You do this by specifying the
protocol and in your case using the outside IP, which is specified by using
the word interface.
Example, using 192.168.10.10 as your mail server's private IP:
static (inside,outside) tcp interface 25 192.168.10.10 25 netmask 255.255.255.255
You also need to permit it thru your outside access list:
access-list outside permit tcp any any eq 25
access-group outside in interface outside
-Brian
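
An added example, not part of either post: a short Python check for a PIX-style configuration that flags a one-to-one static mapped onto the outside interface address (the kind of 1-to-1 mapping the reply says to avoid when only one IP is available) and an access-group that names an access list that was never defined. The `audit` function, the sample configuration and its addresses are constructed for illustration, and the token positions assume PIX 6.x-style command syntax.

```python
import re

# Constructed sample in PIX 6.x-style syntax; all addresses are illustrative.
SAMPLE = """\
ip address outside 203.0.113.2 255.255.255.252
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.2 192.168.10.10 netmask 255.255.255.255
static (inside,outside) tcp interface 25 192.168.10.10 25 netmask 255.255.255.255
access-list outside permit tcp any any eq 25
access-group outisde in interface outside
"""

def _tokens(line):
    # Treat "(inside, outside)" and "(inside,outside)" as the same single token.
    return re.sub(r"\(\s*(\S+?)\s*,\s*(\S+?)\s*\)", r"(\1,\2)", line).split()

def audit(config):
    """Return [(line_number, finding)] for the two mistakes discussed in the thread."""
    rows = [_tokens(l) for l in config.splitlines()]
    outside_ip, acl_names, findings = None, set(), []
    # First pass: learn the outside interface address and the defined ACL names.
    for tok in rows:
        if tok[:3] == ["ip", "address", "outside"] and len(tok) > 3:
            outside_ip = tok[3]
        elif tok[:1] == ["access-list"] and len(tok) > 1:
            acl_names.add(tok[1])
    # Second pass: flag the risky lines.
    for n, tok in enumerate(rows, 1):
        if tok[:1] == ["static"] and len(tok) > 3:
            # tok[2] is tcp/udp for a port (PAT) static, otherwise the mapped address.
            if tok[2] in ("interface", outside_ip):
                findings.append((n, "one-to-one static claims the outside interface address"))
        elif tok[:1] == ["access-group"] and len(tok) > 1 and tok[1] not in acl_names:
            findings.append((n, "access-group references undefined access-list %r" % tok[1]))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print("line %d: %s" % (n, msg))
```

A port static such as `static (inside,outside) tcp interface 25 ...` passes the check because only TCP port 25 on the outside address is redirected, leaving the rest of that address available for PAT and the VPN peer.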