
Exchange 2003 and Pix 506e Mail Problems

CarmenPayne
Level 1

Good day everyone. I was hoping that someone may have run into the problem that has been stumping us.

We are running a Cisco PIX 506e firewall which sits in front of an ISA server, behind which is our Exchange 2003 server. We are only running 1 Exchange server. Our problem is that we are able to send external mail but are unable to receive external mail. The internal mail delivery is working fine. We have determined that the problem lies with the PIX, since when we remove it mail works like a charm. We have found several articles that say to turn off mail fixup, which we have, but are still having no luck. The version of IOS is 6 on the PIX. We have also found articles on how to configure the PIX to run with 2 Exchange servers but have had no luck finding anything on our setup. I'm sure that we are not the only people that run only 1 mail server.

So if anyone can offer any suggestions on what might be a possible resolution, we would greatly appreciate it.

You can either reply here or contact me directly by email payne.ci@forces.gc.ca

Thanks very much for your time

Carmen Payne


joe_wilkins2001
Level 1

Carmen,

Have you created all the access list rules allowing incoming email along with the static mappings on the PIX? By default the PIX will allow all outgoing traffic, but all traffic coming from a lower to a higher interface must have an access list allowing it. You will need to have an access list entry that allows all SMTP and/or POP3 destined for your email public address. Then you will need a static mapping telling the PIX where to send that traffic. I would guess that you would map your public email IP address to your ISA server, which will in turn send it to the Exchange server. Exchange server uses Enhanced SMTP, which is why you also need to disable the SMTP fix-up.

I hope that helps.

Joe

jmia
Level 7

Carmen,

What the other post stated is correct. You'll need an ACL for SMTP on the outside interface and also a static one-to-one translation for access to your mail server on the inside LAN.

As an example:

access-list outside_mail_in permit tcp any host <public-IP> eq smtp

access-group outside_mail_in in interface outside

static (inside,outside) tcp <public-IP> smtp <internal-IP> smtp dns netmask 255.255.255.255 0 0

That public-IP should correspond to your MX record for SMTP.

Remember to issue clear xlate after the modification and save with write mem.

Also, check the following document for further help or let me know if you need further assistance.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

Hope this resolves your problem

Jay
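
The checklist from the two replies above (ACL entry for SMTP, access-group binding on the outside interface, static mapping, SMTP fixup disabled), as an added example that is not part of the original thread: a Python audit over a saved PIX 6.x configuration. The function name, the sample configuration and its addresses are constructed for illustration.

```python
import re

# Constructed sample PIX 6.x configuration; the addresses are documentation
# placeholders (RFC 5737 / RFC 1918), not values from the thread.
SAMPLE_CONFIG = """\
fixup protocol smtp 25
access-list outside_mail_in permit tcp any host 192.0.2.10 eq smtp
access-group outside_mail_in in interface outside
static (inside,outside) tcp 192.0.2.10 smtp 10.0.0.5 smtp netmask 255.255.255.255 0 0
"""

def audit_inbound_smtp(config, public_ip, outside_if="outside"):
    """Return a list of findings; an empty list means all four checks passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []

    # 1. An ACL entry must permit TCP port 25 to the public mail address.
    acl_re = re.compile(
        r"^access-list (\S+) permit tcp \S+(?: \S+)? host %s eq (?:smtp|25)$"
        % re.escape(public_ip))
    acls = {m.group(1) for l in lines if (m := acl_re.match(l))}
    if not acls:
        findings.append("no access-list entry permits smtp to " + public_ip)

    # 2. One of those ACLs must be bound inbound on the outside interface.
    bound = {m.group(1) for l in lines
             if (m := re.match(r"^access-group (\S+) in interface (\S+)$", l))
             and m.group(2) == outside_if}
    if acls and not (acls & bound):
        findings.append("smtp access-list is not applied with access-group on " + outside_if)

    # 3. A static translation must exist (port redirect or one-to-one form).
    static_re = re.compile(
        r"^static \(\S+,%s\) (?:tcp %s (?:smtp|25) \S+ (?:smtp|25)|%s \S+)\b"
        % (re.escape(outside_if), re.escape(public_ip), re.escape(public_ip)))
    if not any(static_re.match(l) for l in lines):
        findings.append("no static mapping for " + public_ip)

    # 4. Per the thread, SMTP fixup must be off for Exchange's Enhanced SMTP.
    if any(re.match(r"^fixup protocol smtp\b", l) for l in lines):
        findings.append("fixup protocol smtp is still enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_inbound_smtp(SAMPLE_CONFIG, "192.0.2.10"):
        print("FINDING:", finding)
```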
