pix to exchange smtp problem :)
  • pix to exchange smtp problem :)

    Hi guys, I'm back again...
    I was called in to install an Exchange server in an already set-up environment.
    They have a ZyXEL DSL router and a PIX 506E firewall.

    I'm not having any luck with the routing of the mail, internal or external.

    All I need to do is allow the mail to be received and sent.

    I am submitting the config of the PIX firewall.

    Password:
    Type help or '?' for a list of available commands.
    pixfirewall> ena
    Password: *****
    pixfirewall# show run
    : Saved
    :
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    domain-name ciscopix.com
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.0.0.202 WebServer
    name xxx.xxx.44.224 Terminal_IN
    name 10.0.0.1 FTPServer
    name xxx.xxx.211.27 zyxel
    access-list outside_access_in remark ecentric admin
    access-list outside_access_in permit tcp any host xxx.xxx.99.200 eq 8082
    access-list outside_access_in remark eeg
    access-list outside_access_in permit tcp any host xxx.xxx.99.200 eq www
    access-list outside_access_in permit tcp Terminal_IN 255.255.255.224 host xxx.xxx.99.200 eq 3389
    access-list outside_access_in permit tcp host xxx.xxx.193.237 host xxx.xxx.99.200 eq 3389
    access-list outside_access_in permit tcp any host 193.92.99.195 eq ftp
    access-list outside_access_in deny ip any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside xxx.xxx.99.194 255.255.255.240
    ip address inside 10.0.0.240 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 10.0.0.0 255.255.255.0 inside
    pdm location WebServer 255.255.255.255 inside
    pdm location Terminal_IN 255.255.255.224 outside
    pdm location FTPServer 255.255.255.255 inside
    pdm location zyxel 255.255.255.255 outside
    pdm location xxx.xxx.193.237 255.255.255.255 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) xxx.xxx.99.200 WebServer netmask 255.255.255.255 0 0
    static (inside,outside) xxx.xxx.99.195 FTPServer netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.99.193 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 10.0.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 10.0.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    terminal width 80
    Cryptochecksum:832141a69093765ad53c3f0a8326e747
    : end


    The IP address of my mail server is 10.0.0.151.

    I had submitted these commands, and it didn't work; plus, my users didn't have access to the internet.
    name 10.0.0.151 mailServer
    access-list outside_access_in permit tcp any host 193.92.99.194 eq smtp
    pdm location mailServer 255.255.255.255 inside
    static (inside,outside) 193.92.99.194 mailServer netmask 255.255.255.255 0 0

    I have no knowledge of PIX...
    I am onsite, and looking for assistance...

    All I need to do, I repeat, is to allow for my mail to come in, and go out, and for my users to have access to the net all at once... at least that's my part...

    Thanks

  • #2
    Re: pix to exchange smtp problem

    At the end of that access list is 'deny ip any any'; you did make sure the 'access-list outside_access_in permit tcp any host 193.92.99.194 eq smtp' was BEFORE that last statement, right?
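The ordering point raised in the reply above can be checked offline against a saved `show run`. The following is an added example, not code from the thread or from Cisco: it parses one access-list and reports entries that an earlier entry already covers, since the first matching entry wins. It assumes only the `any`, `host A`, `A MASK` and `eq PORT` forms seen in the posted config; the function names and the 203.0.113.x sample addresses are constructed.

```python
import ipaddress

def _addr(tok, names):
    """Consume one PIX address spec: 'any', 'host A' or 'A MASK'."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        host = tok.pop(0)
        return ipaddress.ip_network(names.get(host, host) + "/32")
    return ipaddress.ip_network(f"{names.get(first, first)}/{tok.pop(0)}", strict=False)

def parse_acl(config, acl):
    """Return the permit/deny entries of one access-list, in config order."""
    names, entries = {}, []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) == 3 and tok[0] == "name":
            names[tok[2]] = tok[1]  # name <ip> <alias>
        elif len(tok) > 4 and tok[:2] == ["access-list", acl] and tok[2] in ("permit", "deny"):
            rest = tok[4:]
            src, dst = _addr(rest, names), _addr(rest, names)
            port = rest[1] if rest[:1] == ["eq"] else None  # compared as written
            entries.append({"line": raw.strip(), "proto": tok[3],
                            "src": src, "dst": dst, "port": port})
    return entries

def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    return (earlier["proto"] in ("ip", later["proto"])
            and later["src"].subnet_of(earlier["src"])
            and later["dst"].subnet_of(earlier["dst"])
            and earlier["port"] in (None, later["port"]))

def shadowed(entries):
    """First match wins, so an entry covered by an earlier one never fires."""
    hits = []
    for i, later in enumerate(entries):
        blocker = next((e for e in entries[:i] if covers(e, later)), None)
        if blocker:
            hits.append((later["line"], blocker["line"]))
    return hits

# Constructed sample: 203.0.113.0/24 is a documentation range, not the poster's addresses.
BROKEN = """\
access-list outside_access_in permit tcp any host 203.0.113.200 eq www
access-list outside_access_in deny ip any any
access-list outside_access_in permit tcp any host 203.0.113.194 eq smtp
"""
_l = BROKEN.splitlines()
FIXED = "\n".join([_l[0], _l[2], _l[1]])  # smtp permit moved above the deny
```

`shadowed(parse_acl(BROKEN, "outside_access_in"))` reports the smtp permit as unreachable behind `deny ip any any`; the same call on `FIXED` returns an empty list.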



    • #3
      Re: pix to exchange smtp problem

      I see that you enabled the HTTP server on it, so you can use the GUI, I assume.
      Use that to make it easier for you, and make sure you put it before the deny ip any any rule.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: pix to exchange smtp problem

        Hi kvouzoplis,
        I see that your server is up and your issue has been solved.
        Could you please get back to us with feedback: what was the problem?
        The PIX configuration looks good; did it happen to be a routing problem?
        Thanks
        Regards,
        Csaba Papp
        MCSA+messaging, MCSE, CCNA
