Pix 515e Not able to receive email with Exchange


  • Pix 515e Not able to receive email with Exchange

    I have done all the troubleshooting I can think of. My ISP and my domain MX records have been confirmed to be correct. The last problem I can think of is that my PIX is blocking the traffic. Can you verify my config is correct please?

    PIX Version 8.0(4)32
    !
    hostname pixfirewall
    domain-name home.jkkcc.com
    enable password DQucN59Njn0OjpJL encrypted
    passwd DQucN59Njn0OjpJL encrypted
    names
    name 192.168.2.22 exchange
    !
    interface Ethernet0
    nameif outside
    security-level 0
    ip address xxx.xxx.118.208 255.255.255.224
    !
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 10.0.20.1 255.255.255.248
    !
    interface Ethernet2
    shutdown
    nameif exchange
    security-level 100
    ip address 10.0.30.1 255.255.255.248
    !
    ftp mode passive
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 68.105.28.16
    name-server 68.105.29.16
    domain-name home.jkkcc.com
    access-list smtp_in extended permit tcp any host xxx.xxx.118.208 eq smtp
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    mtu exchange 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp deny any outside
    asdm image flash:/asdm-61551.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface smtp exchange smtp netmask 255.255.255.255
    !
    router eigrp 1
    network 10.0.0.0 255.0.0.0
    network 192.168.0.0 255.255.255.0
    network 192.168.2.0 255.255.255.0
    network 192.168.4.0 255.255.255.0
    !
    route outside 0.0.0.0 0.0.0.0 24.234.118.193 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    inspect http
    inspect ils
    !
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:0a435a79db9212e8f8c23a3b60f77a23
    : end

    Here is my network layout

    Cable modem --->Pix ------> Cisco 3745 -----> Switch ------>Exchange Server

  • #2
    Re: Pix 515e Not able to receive email with Exchange

    maybe not this
    but you've got a Shutdown command on your exchange interface..

    interface Ethernet2
    shutdown
    nameif exchange
    security-level 100
    ip address 10.0.30.1 255.255.255.248
    plus.. higher up, you've got name exchange 192.168.2.22 (or something?) maybe it's confused and routing the traffic to the wrong place.

    also, what's your network numbering like? what's the IP address of the exchange server?
    have you tried telnetting to the interface from outside?



    • #3
      Re: Pix 515e Not able to receive email with Exchange

      access-group smtp_in in interface outside


      Have you checked the logs on the pix? Should be easy to see if inbound smtp traffic is being blocked.
      Last edited by auglan; 16th May 2012, 13:59.
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)
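
Reply #3 posts the `access-group` line that the config in the first post lacks: `smtp_in` is defined but never bound to the outside interface. As an added example (not code from the thread), this Python check flags that condition in PIX/ASA config text, plus the shut-down named interface pointed out in reply #2; the sample is a constructed excerpt of the posted config and the finding codes are hypothetical names.

```python
import re

# Constructed excerpt: only the lines of the posted config that bear on inbound SMTP.
SAMPLE = """\
interface Ethernet0
nameif outside
!
interface Ethernet2
shutdown
nameif exchange
!
access-list smtp_in extended permit tcp any host xxx.xxx.118.208 eq smtp
static (inside,outside) tcp interface smtp exchange smtp netmask 255.255.255.255
"""

def audit(config):
    """Return (code, subject) findings; the finding codes are illustrative names."""
    acls, bound_in, statics, shut, names = [], set(), [], [], {}
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            iface = None                      # "!" closes an interface block
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif line == "shutdown" and iface:
            shut.append(iface)
        elif (m := re.match(r"nameif (\S+)", line)) and iface:
            names[iface] = m.group(1)
        elif m := re.match(r"access-list (\S+) ", line):
            if m.group(1) not in acls:
                acls.append(m.group(1))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            bound_in.add((m.group(1), m.group(2)))
        elif m := re.match(r"static \([^,]+,([^)]+)\) (?:tcp|udp) ", line):
            statics.append(m.group(1))        # second name is the mapped side
    applied = {acl for acl, _ in bound_in}
    guarded = {ifname for _, ifname in bound_in}
    findings = [("acl-not-applied", a) for a in acls if a not in applied]
    # A port redirect toward a higher security level needs an inbound ACL
    # on the mapped interface; without one the PIX drops the connection.
    findings += [("static-without-inbound-acl", i)
                 for i in dict.fromkeys(statics) if i not in guarded]
    findings += [("named-interface-shutdown", names[h]) for h in shut if h in names]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE + "access-group smtp_in in interface outside\n"))
```

Appending the line from reply #3 clears the two ACL findings; the shut-down `exchange` interface is still reported.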
