12-20-2007 05:29 AM - edited 03-12-2019 05:53 PM
Hello...I just dropped a PIX 515e (which has 7.2(2) running on it). They have an MS Exchange server on the inside, Static NAT to a public IP...the box is able to send email outbound no problem, but not able to receive INBOUND smtp..syslog shows "FIN timeouts" on teardowns. Any help on this would be greatly appreciated!
12-20-2007 06:27 AM
Vince-
Have you created a NAT translation for inbound access?
static (inside,outside) tcp [outside ip] 25 [inside ip] 25 netmask 255.255.255.255
Have you also created an access-list to allow SMTP inbound?
12-20-2007 06:58 AM
Yes, it's a static one-to-one translation, and also access rules allowing SMTP outbound (which is working) and also ACLs allowing SMTP, HTTPS, HTTP, etc, from outside to this host...from the remote office, I am able to "telnet" with port 25 to this server (and see the syslog message: "built inbound TCP connection 35685 for outside:x.x.x.x/8387 to inside:HS_EXCHANGE/25(x.x.x.x)")
So I know the port is open to this box....I didn't make any changes to the IP addresses (from their old software firewall)....I'm just not seeing any "inbound" connections being built, besides the one I tried w/Telnet....maybe the upstream SPAM filter?
12-20-2007 09:57 AM
Ok, problem solved. I was using the name of the server "HS_EXCHANGE" in the ACL for the outside interface. I changed the name to the actual translated Public IP address of the server, within the ACL, and now it works. I never had to do this on the old version of PIX code...something new maybe.
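A check for the mismatch resolved above, added here as an example and not taken from any post in the thread: on PIX 7.x the ACL applied to the outside interface has to reference the translated (public) address, so the script flags entries whose destination, directly or through a `name`, is the real inside address of a static. The sample config, the addresses (documentation ranges) and the ACL name `outside_in` are constructed, and only `host` destinations are handled.

```python
# Constructed PIX 7.2-style config: documentation addresses, hypothetical ACL name.
SAMPLE_CONFIG = """\
name 192.168.1.10 HS_EXCHANGE
static (inside,outside) 203.0.113.10 HS_EXCHANGE netmask 255.255.255.255
access-list outside_in extended permit tcp any host HS_EXCHANGE eq smtp
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-group outside_in in interface outside
"""


def audit_outside_acl(config):
    """Return (acl_line, mapped_ip) for entries of ACLs applied inbound on the
    outside interface whose destination is the real address of a static."""
    names, statics, entries, bound = {}, [], [], set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]                      # name <ip> <label>
        elif tok[:2] == ["static", "(inside,outside)"]:
            rest = tok[2:]
            if rest and rest[0] in ("tcp", "udp"):      # port-redirect form
                rest = [rest[1], rest[3]] if len(rest) >= 4 else []
            if len(rest) >= 2:
                statics.append((rest[0], rest[1]))      # (mapped, real)
        elif len(tok) >= 2 and tok[0] == "access-list" and "host" in tok[:-1]:
            entries.append((tok[1], line.strip(), tok))
        elif (len(tok) == 5 and tok[0] == "access-group"
              and tok[2:] == ["in", "interface", "outside"]):
            bound.add(tok[1])

    def resolve(addr):
        return names.get(addr, addr)                    # label -> IP if defined

    real_to_mapped = {resolve(real): resolve(mapped) for mapped, real in statics}
    findings = []
    for acl, text, tok in entries:
        if acl not in bound:
            continue
        # The last "host" keyword introduces the destination address.
        idx = max(i for i, t in enumerate(tok[:-1]) if t == "host")
        dest = resolve(tok[idx + 1])
        if real_to_mapped.get(dest, dest) != dest:
            findings.append((text, real_to_mapped[dest]))
    return findings


if __name__ == "__main__":
    for text, mapped in audit_outside_acl(SAMPLE_CONFIG):
        print(f"{text}\n  -> destination should be {mapped}")
```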