Pix 515e Not able to receive email with Exchange

  • Pix 515e Not able to receive email with Exchange

    I have done all the troubleshooting I can think of. My ISP and my domain MX records have been confirmed to be correct. The last problem I can think of is that my PIX is blocking the traffic. Can you verify my config is correct please?

    PIX Version 8.0(4)32
    hostname pixfirewall
    enable password DQucN59Njn0OjpJL encrypted
    passwd DQucN59Njn0OjpJL encrypted
    name exchange
    interface Ethernet0
    nameif outside
    security-level 0
    ip address
    interface Ethernet1
    nameif inside
    security-level 100
    ip address
    interface Ethernet2
    nameif exchange
    security-level 100
    ip address
    ftp mode passive
    dns domain-lookup inside
    dns server-group DefaultDNS
    access-list smtp_in extended permit tcp any host eq smtp
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    mtu exchange 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp deny any outside
    asdm image flash:/asdm-61551.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1
    static (inside,outside) tcp interface smtp exchange smtp netmask
    router eigrp 1
    route outside 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    inspect http
    inspect ils
    service-policy global_policy global
    prompt hostname context
    : end

    Here is my network layout

    Cable modem ---> Pix ------> Cisco 3745 -----> Switch ------> Exchange Server

  • #2
    Re: Pix 515e Not able to receive email with Exchange

    maybe not this
    but you've got a Shutdown command on your exchange interface..

    interface Ethernet2
    nameif exchange
    security-level 100
    ip address
    plus.. higher up, you've got name exchange (or something?) maybe it's confused and routing the traffic to the wrong place.

    also, what's your network numbering like? what's the IP address of the exchange server?
    have you tried telnetting to the interface from outside?


    • #3
      Re: Pix 515e Not able to receive email with Exchange

      access-group smtp_in in interface outside

      Have you checked the logs on the pix? Should be easy to see if inbound smtp traffic is being blocked.
      Last edited by auglan; 16th May 2012, 13:59.
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)
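
The gap pointed out in reply #3 (an access-list that is defined but never bound with access-group) can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit run over a constructed config modelled on the one posted, where the function name `audit` and the 203.0.113.10 address are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the posted config. The address is a
# documentation-range placeholder, not a value from the thread.
SAMPLE_CONFIG = """\
interface Ethernet0
nameif outside
security-level 0
interface Ethernet1
nameif inside
security-level 100
access-list smtp_in extended permit tcp any host 203.0.113.10 eq smtp
static (inside,outside) tcp interface smtp exchange smtp netmask 255.255.255.255
"""

def audit(config):
    """Flag ACLs never bound to an interface and static translations that
    expose a higher-security host on an interface with no inbound ACL."""
    acls, bound, statics, level, cur = set(), [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"nameif (\S+)", line):
            cur = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and cur:
            level[cur] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)", line):
            bound.append(m.groups())
        elif m := re.match(r"static \((\w+),(\w+)\) ", line):
            statics.append(m.groups())
    applied = {acl for acl, _, _ in bound}
    findings = [f"access-list {a} is defined but not applied by any access-group"
                for a in sorted(acls - applied)]
    findings += [f"access-group references undefined access-list {a}"
                 for a in sorted(applied - acls)]
    # Interfaces with a defined ACL filtering traffic that arrives on them.
    filtered = {ifc for acl, d, ifc in bound if d == "in" and acl in acls}
    for real_if, mapped_if in statics:
        lower = level.get(mapped_if, 0) < level.get(real_if, 0)
        if lower and mapped_if not in filtered:
            findings.append(f"static ({real_if},{mapped_if}) has no inbound ACL on "
                            f"{mapped_if}; connections from there are dropped")
    return findings

if __name__ == "__main__":
    fixed = SAMPLE_CONFIG + "access-group smtp_in in interface outside\n"
    print("as posted:", audit(SAMPLE_CONFIG))
    print("with the line from reply #3:", audit(fixed))
```

Run against a saved `show running-config`, an empty result means every ACL is bound and every inbound static has a filter on its mapped interface; it does not prove the ACL entries themselves match the translated address.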