Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
340
Views
4
Helpful
1
Replies

DOUBLE PIX with nat: pix v. 6.3(4) + v. 7.1(2)

ROBERTO TACCON
Level 4
Level 4

‎03-21-2006 03:35 AM - edited ‎02-21-2020 12:47 AM

I have a problem with 2 pix connected as follow:

CLIENT INSIDE ---> PIX 6 (NAT) ---> PIX 7 (NAT) ---> INTERNET SMTP SERVER OUTSIDE.

if the client try to connect to ANY the ESMTP Server on internet (telnet to port TCP 25) the connection hang up: on the cleitn I can see the banner 220: OUT MSG.

(If the client try the same connection with only 1 pix all is OK !!)

The firewalls do nat; the fixup smtp and the inspect ESMTP are disabled.

Any idea ? It's a bug ? The double nat break the connection ?

Best regards.

Roberto Taccon

0 Helpful
1 Reply 1

Patrick Laidlaw
Level 4
Level 4

‎03-22-2006 11:54 AM

Roberto,

I've always tried not to use double nat. It really does break a lot of different protocols and causes a ton of troubleshooting headaches. If it's possible try not to use nat on the inside firewall. If its some sore of requriement that you use double nat then here is what I would start doing. Capture the traffic between the client on the inside, between the two pix's and on the outside for the pix 7.0. Look to see if the smtp traffic is being augmented in anyway besides the ip address being changed.

I was just thinking you said the fixup smtp was turned off, is it turned off on both firewalls or just one. This really only changes information to mask what kind of mail server your using.

Let us know what you find out.

Patrick

Review Cisco Networking for a $25 gift card
Top