Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
526
Views
0
Helpful
3
Replies

PIX 501 - Issues with Telnet

Go to solution
ncardinal-richards
Level 1
Level 1

‎08-06-2004 02:20 AM - edited ‎02-20-2020 11:33 PM

I am presently pre-configuring the firewall, so i have had to rig up a small network to test the config. I am able to telnet the system when i plug my laptop into the hub inside of the firewall. However, when i plug into the outside interface and telnet the outside address of the box it seems to connect but i receive no feedback and eventually it drops the connection. I am trying to telnet on port 25 (to mimic smtp traffic), the telnet server has been configured to listen on that port. when i try to telnet on 23 it refuses the connection almost immediately. Its almost like the PIX is answering the telnet request rather than the destination system. I am able to get responses from the system with various icmp traffic.

I have a static (inside,outside) mapping for the system that i wish to telnet to on port 25.

Any Ideas?

Many Thanks in advance.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bvanniekerk
Level 1
Level 1
In response to ncardinal-richards

‎08-06-2004 07:09 AM

I would suggest that. The fixup will prevent would-be hackers from getting HELP and VRFY from your smtp server. You will also see:

220 ****************************************************************************************************0******200******0*****0200, instead of what type of server, etc.

Glad to be of service.

Byron

View solution in original post

0 Helpful
3 Replies 3

Go to solution
bvanniekerk
Level 1
Level 1

‎08-06-2004 03:57 AM

Right. The firewall only allows certain smtp commands to be executed, when you run mailguard (fixup protocol smtp 25). Disable it and try again.

You will not be able to telnet on port 23 on the outside interface, because it has to be IPSec protected to succeed.

Hope you get sorted.

Byron

0 Helpful

Go to solution
ncardinal-richards
Level 1
Level 1

‎08-06-2004 05:51 AM

Byron,

Thanks very much for that, that has resolved my issue. Am I correct in understanding that when I place the PIX into the production environment with the Exchange server, that i should add the mailguard back into the config?

Nick

0 Helpful

Go to solution
bvanniekerk
Level 1
Level 1
In response to ncardinal-richards

‎08-06-2004 07:09 AM

I would suggest that. The fixup will prevent would-be hackers from getting HELP and VRFY from your smtp server. You will also see:

220 ****************************************************************************************************0******200******0*****0200, instead of what type of server, etc.

Glad to be of service.

Byron

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card