
PIX 501 - Issues with Telnet

I am presently pre-configuring the firewall, so I have had to rig up a small network to test the config. I am able to telnet to the system when I plug my laptop into the hub inside of the firewall. However, when I plug into the outside interface and telnet to the outside address of the box, it seems to connect but I receive no feedback and eventually it drops the connection. I am trying to telnet on port 25 (to mimic SMTP traffic); the telnet server has been configured to listen on that port. When I try to telnet on 23 it refuses the connection almost immediately. It's almost like the PIX is answering the telnet request rather than the destination system. I am able to get responses from the system with various ICMP traffic.

I have a static (inside,outside) mapping for the system that I wish to telnet to on port 25.

Any Ideas?

Many Thanks in advance.



bvanniekerk

Right. The firewall only allows certain SMTP commands to be executed when you run mailguard (fixup protocol smtp 25). Disable it and try again.

You will not be able to telnet on port 23 on the outside interface, because it has to be IPSec protected to succeed.

Hope you get sorted.

Byron

Byron,

Thanks very much for that, that has resolved my issue. Am I correct in understanding that when I place the PIX into the production environment with the Exchange server, I should add the mailguard back into the config?

Nick

I would suggest that. The fixup will prevent would-be hackers from getting HELP and VRFY from your SMTP server. You will also see:

220 ****************************************************************************************************0******200******0*****0200, instead of what type of server, etc.

Glad to be of service.

Byron
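
Added example, not part of the original thread and not Cisco's code: a small Python check for a captured port-25 session that reports whether the greeting is masked as in Byron's reply and whether HELP or VRFY still get a positive answer. The sample sessions are constructed, and the allowed-command set (the RFC 821 minimum) is an assumption about what the fixup passes.

```python
import re

# Assumption: the SMTP fixup passes only the RFC 821 minimum command set.
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

# Constructed sample sessions: (greeting, [(client line, server reply), ...]).
FILTERED = ("220 " + "*" * 40 + "0" + "*" * 6 + "200" + "*" * 6 + "0200",
            [("HELO test.example", "250 ok"),
             ("HELP", "500 command unrecognized"),
             ("VRFY postmaster", "500 command unrecognized")])
UNFILTERED = ("220 mail.example.test ESMTP ready",
              [("HELO test.example", "250 ok"),
               ("HELP", "214 commands supported"),
               ("VRFY postmaster", "252 cannot verify, will attempt delivery")])


def banner_is_masked(banner):
    """True when the 220 greeting is '*' filler with only stray 0/2 digits left."""
    m = re.match(r"220[ -](.+)", banner.strip())
    if not m:
        return False
    text = m.group(1)
    return set(text) <= set("*02 ") and text.count("*") > len(text) / 2


def audit(banner, exchanges):
    """Return findings for a captured session; an empty list means filtered."""
    findings = []
    if not banner_is_masked(banner):
        findings.append("banner discloses server details: " + banner.strip())
    for sent, reply in exchanges:
        words = sent.split()
        verb = words[0].upper() if words else ""
        # A 2xx reply to a verb outside the minimum set means it got through.
        if verb and verb not in ALLOWED and reply.startswith("2"):
            findings.append(verb + " answered with " + reply[:3])
    return findings


if __name__ == "__main__":
    for name, (banner, exchanges) in (("filtered", FILTERED),
                                      ("unfiltered", UNFILTERED)):
        print(name, audit(banner, exchanges) or "no findings")
```

An empty findings list for a session captured from the outside interface is what you would expect once the fixup is back in the production config.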
