Pix506e problem - dslreports.com

Author	All Replies
Exit304 join:2005-09-16	Pix506e problem Hi guys, I need help with Pix506. I read your posts and find a lot helpful information. I don't have experience with Cisco, so I followed the link where Pix506 configured for Exchange:»PIX 506E Configuration that is exactly what I need. But when I just add static (inside,outside) command for my mail server, internet stop working on my workstations, and they still send-receive only internal e-mails. If I remove that line, I have internet connection on Workstations, but still no external e-mails. Please take a look on my current configuration, and any help will be appreciated. Building configuration... : Saved : PIX Version 6.3(4) interface ethernet0 auto interface ethernet1 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname xxpix domain-name xxxx.com fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 no fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list 101 permit tcp any host xxx.xxx.118.80 eq smtp access-list 101 permit tcp any host xxx.xxx.118.80 eq pop3 access-list 101 permit tcp any host xxx.xxx.118.80 eq imap4 access-list 101 permit tcp any host xxx.xxx.118.80 eq 993 access-list 101 permit tcp any host xxx.xxx.118.80 eq nntp access-list 101 permit tcp any host xxx.xxx.118.80 eq 563 access-list 101 permit tcp any host xxx.xxx.118.80 eq 3389 access-list 101 permit tcp any host xxx.xxx.118.80 eq https access-list 101 permit tcp any host xxx.xxx.118.80 eq domain access-list inside_access_in permit tcp any any access-list inside_access_in permit udp any any access-list inside_access_in permit icmp any any access-list inside_access_in permit ip any any pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside xxx.xxx.118.80 255.255.255.0 ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm location 192.168.1.10 255.255.255.255 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 192.168.1.0 255.255.255.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) interface 192.168.1.10 netmask 255.255.255.255 0 0 access-group 101 in interface outside access-group inside_access_in in interface inside route outside 0.0.0.0 0.0.0.0 xxx.xxx.64.169 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside terminal width 80 Cryptochecksum:8ba76273488bde0cc12a938f9fb215d5 : end [OK]
Exit304 join:2005-09-16	to forum · permalink · · 2005-09-16 13:34:35 ·
Jugaad join:2002-04-28 MARS!!	This happened because static translation takes precedence over dynamic translation. I would advice you to go with port redirection instead. Enter something like this: static (inside,outside) tcp interface 25 192.168.1.10 25 This will ensure that only the tcp port 25 gets forwarded to your mail server and rest of the users can still use the dynamic translation. -- Not able to get online? Good!! Go out and meet friends
Jugaad join:2002-04-28 MARS!!	to forum · permalink · · 2005-09-16 18:35:08 ·
Exit304 join:2005-09-16	Thanks for the reply. I was on vacation so, sorry for delay answer. I changed that static line and got Internet connection from my workstation, but still have problem with the External e-mails. when i replace the CISCO with regular Linksys, with same port configuration E-mails works. Also i can PING External Exchange IP's from Outside interface, but no respond from inside interface. What else I’m missing in my configuration??? Thank you for your help.
Exit304 join:2005-09-16	to forum · permalink · · 2005-09-26 16:29:18 ·
Jugaad join:2002-04-28 MARS!!	PIX won't allow you to ping public ip address of the mail server from inside hosts. -- Not able to get online? Good!! Go out and meet friends
Jugaad join:2002-04-28 MARS!!	to forum · permalink · · 2005-09-27 10:02:46 ·


Wednesday, 09-Dec 04:32:30	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF