configuring PIX for exchange server (SMTP)

shoebwk
Level 1

I have made this config from the Cisco website. Will this config work for me, so that my Exchange SMTP traffic comes and goes through this PIX?

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security50

enable password xxxx

passwd xxxx

hostname SanQuentin

domain-name noplace.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 ras 1718-1719

fixup protocol h323 h225 1720

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

no names

access-list smtp permit tcp any host 209.x.x.5 eq smtp

!

pager lines 24

logging on

logging timestamp

no logging standby

logging console debugging

logging monitor debugging

logging buffered debugging

logging trap debugging

no logging history

logging facility 23

logging queue 512

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

!

mtu outside 1500

mtu inside 1500

mtu dmz 1500

ip address inside 192.168.1.1 255.255.255.252

ip address outside 209.x.x.1 255.255.255.252

ip address dmz 172.16.128.1 255.255.255.0

no failover

!

arp timeout 14400

static (dmz,outside) 209.x.x.5 172.16.128.103 netmask 255.255.255.255

static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

access-group smtp in interface outside

route outside 0.0.0.0 0.0.0.0 209.x.x.2 1

!

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

terminal width 80

Cryptochecksum:xxxxx

: end

I have a serial router, a 2611XM, which will connect to the Internet. I want to know what the IP addresses would be for the serial interface connecting to the leased-line Internet and for the Ethernet port to which the PIX will be connected.

Also, what would be the MX record IP? The PIX IP or the router IP?

4 Replies

pcomeaux
Cisco Employee

Please see my full reply to your message in the General Security forum.

As far as your MX record, it should point to the address in your static command - 209.x.x.5.

The IP address for the ethernet port of the router will be 209.x.x.2.

The IP address for the serial port will be provided by your ISP.

Hope this helps,

peter
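An added example, not part of any post in this thread: a small Python check that the three PIX lines which publish the mail server agree with each other (the access-list permit, the static translation, and the access-group binding) and that reports the global address the MX record should resolve to. The function name audit_smtp_publish is hypothetical, the sample input is constructed from the config posted above, and the parser assumes host-specific (/32) statics and "host" destinations only.

```python
import re

# Constructed sample: the three lines from the posted PIX config that
# together publish the DMZ mail server (addresses masked as on the page).
SAMPLE = """\
access-list smtp permit tcp any host 209.x.x.5 eq smtp
static (dmz,outside) 209.x.x.5 172.16.128.103 netmask 255.255.255.255
access-group smtp in interface outside
"""

# static (real_if,global_if) global_ip real_ip netmask 255.255.255.255
STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
ACE = re.compile(r"^access-list (\S+) permit tcp (any|\S+ \S+) host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit_smtp_publish(config, outside="outside"):
    """Return (mx_targets, findings) for SMTP published through `outside`."""
    statics, aces, bound = {}, [], set()
    for line in (l.strip() for l in config.splitlines()):
        if m := STATIC.match(line):
            real_if, global_if, global_ip, real_ip = m.groups()
            if global_if == outside:
                statics[global_ip] = (real_if, real_ip)
        elif m := ACE.match(line):
            aces.append(m.groups())
        elif m := GROUP.match(line):
            if m.group(2) == outside:
                bound.add(m.group(1))
    mx_targets, findings = [], []
    for name, _src, dst, port in aces:
        if port not in ("smtp", "25"):
            continue  # only the SMTP publish is audited here
        if name not in bound:
            findings.append(f"ACL {name} is not applied to {outside}")
        elif dst not in statics:
            findings.append(f"ACL {name} permits SMTP to {dst}, but no static translates it")
        else:
            mx_targets.append(dst)  # address the MX record should resolve to
    if not mx_targets and not findings:
        findings.append("no inbound SMTP permit found")
    return mx_targets, findings

if __name__ == "__main__":
    print(audit_smtp_publish(SAMPLE))
```

Run against a saved copy of the running config after any change to the static or the ACL; an empty findings list means the permit, the translation and the interface binding all refer to the same global address.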

Thanks for your valuable help.

For the router, is this config OK?

interface Serial0

description connected to Internet

ip address negotiated

!

interface FastEthernet0

description connected to EthernetLAN

ip address 209.x.x.2 255.255.255.xxx

speed auto

!

router rip

version 2

passive-interface Serial0

network 192.168.1.0

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0

no ip http server

Seems like this config is straightforward and should work.

I have no experience with the IP Addressing on the Serial interface, so I cannot offer advice there.

Why is the router running RIP? I don't see any direct benefit to your config.

thanks

peter

So if I remove RIP from my config, will the configuration still work?

interface Serial0

description connected to Internet

ip address negotiated

!

interface FastEthernet0

description connected to EthernetLAN

ip address 209.x.x.2 255.255.255.xxx

speed auto

!

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0

no ip http server

Is there any link or documentation where I can learn about IP addressing on a serial interface?

thanks

shoeb
