PAT, One IP and SMTP

Have a question or want to start a discussion? Post it! No Registration Necessary. Now with pictures!

Threaded View

Subject
Author
Posted on

PAT, One IP and SMTP
TechinLA
10-10-2006

TechinLA
Contact options for registered users

posted on
October 10, 2006, 2:57 pm

rate this thread

EXCELLENT
VERY GOOD
GOOD
FINE
BAD

Report it

Save

I have a PIX 515 and it is connected to one remote office with site-to-site
vpn IPSEC tunnel (pix 506) in addition to being the firewall for internet
access for the company. I need to host a MS Exchange 2000 server behind the
515. I understand that Exchange won't work with the mailguard feature
correctly so from what I have seen I should just setup SMTP forwarding to
the internal (private IP) Exchange box. However, when I run the first
command to do this, which is #static (inside, outside) x.x.x.x etc.. The vpn
stops and the internet access stops. So, my question what are the
commands/steps needed to forward SMTP traffic to a mailserver that is behind
a 515 using PAT for outbound traffic and assigned one IP address on the
external interface? Thanks in advance for anybody who can shed some light on
this.

DJ

Brian V
Contact options for registered users

posted on
October 10, 2006, 9:28 pm
Permalink

Save

Re: PAT, One IP and SMTP

You need to do PAT statics, not 1 to 1. You do this by specifying the
protocol and in your case using the outside IP which is specified by using
the word interface.

example: using 192.168.10.10 as your mail servers private IP
static (inside,outside) tcp interface 25 192.168.10.10 25 netmask
255.255.255.255

You also need to permit it thru your outside access list

access-list outside permit tcp any any eq 25
access-group outisde in interface outside

-Brian