Exchange2003 and pix firewall

peter.saldanha · ‎05-25-2005

Hi

I am using exchange 2003 server in my network and it is connected to inside interface of the pixfirewall which goes to leased line. In the firewall I have given a static nat for the exchange server also I have 16 global IPs nat to internal network.

Now I have a problem when the mail is going out it is using one of in the global IP range and it is changing always. I want it to have permanently the static nat public IP. How do I solve this?

Thanks

Peter

aashish.c · ‎05-25-2005

Hi,

its confusing, as you said you have statically mapped ur exchange server to 1 public IP,then again mails are going out using different IPs.

I would request you to paste the NAT config here, so that we can check.

regards

aashish C

jmia · ‎05-25-2005

Peter,

Is there any reason why you can not use one of those public IP’s for your outside interface of your pix and use the rest of the public IP’s for other services, such as access to internal mail servers, web servers, ftp servers etc?

So, you can now have ALL e-mails coming to one public IP and this will be mapped to your internal mail server on port 25, this way you’ll not lose connectivity for e-mail send/receive.

Example:

access-list outside-in permit tcp any host eq smtp

access-group outside-in in interface outside

static (inside,outside) tcp smtp smtp netmask 255.255.255.255 0 0

ip address outside

ip address inside

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

If you need further help then let me know.

Hope this helps a little,

Jay

peter.saldanha · ‎05-25-2005

Jay

I had used same configuration what you have mentioned above. I have given a global public ip range and used a static public ip to my exchange server which is outside the nat global ip range. Still exchange when it goes out uses one of the address from NAT public ip range

Peter