
No incoming SMTP PIX 515 7.2(2)

pizzov
Level 1

Hello...I just dropped a PIX 515e (which has 7.2(2) running on it). They have an MS Exchange server on the inside, Static NAT to a public IP...the box is able to send email outbound no problem, but not able to receive INBOUND smtp..syslog shows "FIN timeouts" on teardowns. Any help on this would be greatly appreciated!

3 Replies

Collin Clark
VIP Alumni

Vince-

Have you created a NAT translation for inbound access?

static (inside,outside) tcp [outside ip] 25 [inside ip] 25 netmask 255.255.255.255

Have you also created an access-list to allow SMTP inbound?

Yes, it's a static one-to-one translation, and also access rules allowing SMTP outbound (which is working) and also ACLs allowing SMTP, HTTPS, HTTP, etc., from outside to this host...from the remote office, I am able to "telnet" with port 25 to this server (and see the syslog message: "built inbound TCP connection 35685 for outside:x.x.x.x/8387 to inside:HS_EXCHANGE/25(x.x.x.x)").

So I know the port is open to this box....I didn't make any changes to the IP addresses (from their old software firewall)....I'm just not seeing any "inbound" connections being built, besides the one I tried w/Telnet....maybe the upstream SPAM filter?

Ok, problem solved. I was using the name of the server "HS_EXCHANGE" in the ACL for the outside interface. I changed the name to the actual translated Public IP address of the server, within the ACL, and now it works. I never had to do this on the old version of PIX code...something new maybe.
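Added example, not part of the original thread: a small Python check for the condition resolved above, where an ACL applied inbound on the outside interface references a static's real (inside) host instead of its translated public IP. It assumes the name HS_EXCHANGE maps to the server's inside address (as the syslog line `inside:HS_EXCHANGE/25` suggests); the function name `audit_outside_acl`, the ACL name `outside_in` and all addresses in the sample config are constructed for illustration.

```python
# Added example: audit a PIX 7.x-style config for outside ACL entries that
# point at a static's real (inside) host instead of its mapped public IP.
# SAMPLE_CONFIG is constructed; addresses are documentation/private ranges.
SAMPLE_CONFIG = """\
name 192.168.1.10 HS_EXCHANGE
static (inside,outside) 203.0.113.10 HS_EXCHANGE netmask 255.255.255.255
access-list outside_in extended permit tcp any host HS_EXCHANGE eq smtp
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-group outside_in in interface outside
"""

def audit_outside_acl(config, outside_if="outside"):
    """Return (ace, operand, mapped_ip) for each ACE applied inbound on
    outside_if whose 'host' operand is the real address of a static."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    names, real_to_mapped, inbound_acls = {}, {}, set()
    for tok in lines:
        if tok[0] == "name" and len(tok) >= 3:
            names[tok[2]] = tok[1]              # name <ip> <label>
        elif tok[0] == "access-group" and len(tok) == 5 \
                and tok[2] == "in" and tok[4] == outside_if:
            inbound_acls.add(tok[1])
    for tok in lines:
        if tok[0] == "static" and len(tok) >= 4 and tok[1].endswith(f",{outside_if})"):
            # static (real_if,mapped_if) [tcp|udp] mapped [port] real [port] ...
            if tok[2] in ("tcp", "udp") and len(tok) >= 6:
                mapped, real = tok[3], tok[5]
            else:
                mapped, real = tok[2], tok[3]
            real_ip, mapped_ip = names.get(real, real), names.get(mapped, mapped)
            if real_ip != mapped_ip:            # skip identity statics
                real_to_mapped[real_ip] = mapped_ip
    findings = []
    for tok in lines:
        if tok[0] != "access-list" or len(tok) < 2 or tok[1] not in inbound_acls:
            continue
        for i in range(len(tok) - 1):
            if tok[i] == "host":
                ip = names.get(tok[i + 1], tok[i + 1])
                if ip in real_to_mapped:
                    findings.append((" ".join(tok), tok[i + 1], real_to_mapped[ip]))
    return findings

if __name__ == "__main__":
    for ace, operand, mapped in audit_outside_acl(SAMPLE_CONFIG):
        print(f"{ace}\n  -> '{operand}' is a real address; use host {mapped}")
```

Only `host` operands are checked; entries that use subnets or object-groups are not evaluated by this sketch.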
