Pix 501 not passing smtp traffic.. Config included

bob
Level 1

Good morning fellas... Searching through the archives I've tried to fix my own problem with no luck =( Mind taking a look at the below config and seeing if you find any reason why, when this box is connected to the network, no one can telnet into port 25 and get passed on to my internal email server?

When I took the job I also took one building which is not correctly addressed. Internal is 191.0.64.0 255.255.224.0.

Thanks for any help.

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list smtp permit tcp any host 65.116.xxx.xxx eq smtp

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 65.116.xxx.xxx 255.255.255.252

ip address inside 191.0.65.254 255.255.224.0

ip audit info action alarm

ip audit attack action alarm

ip local pool pptp-pool 192.168.2.1-192.168.2.50

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp interface smtp 191.0.65.1 smtp netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 65.116.xxx.xxx 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 191.0.0.0 255.0.0.0 inside

http 191.0.0.0 255.255.224.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-pptp

no sysopt route dnat

telnet timeout 5

ssh timeout 5

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40

vpdn group 1 client configuration address local pptp-pool

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username xxxxxxxx zzzzzzzzz

vpdn enable outside

2 Replies

mostiguy
Level 6

you need:

access-group smtp in interface outside

to bind the access list smtp to the outside interface, for traffic coming inbound

matthew.long
Level 1

I can't seem to find the access-group line applying the SMTP list to the interface.

Try

access-group SMTP in interface OUTSIDE
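
An added example, not part of the thread and not a Cisco tool: a small Python check for the condition the replies point at, an access-list that is defined but never bound with access-group, run over a constructed excerpt of the posted config. The function name audit, the excerpt and the finding messages are this example's own; it assumes rules are written as access-lists rather than conduit commands and compares names exactly.

```python
import re

# Constructed sample: the lines of the posted config that matter here,
# with the outside address masked exactly as on the page.
POSTED = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list smtp permit tcp any host 65.116.xxx.xxx eq smtp
nat (inside) 0 access-list 101
static (inside,outside) tcp interface smtp 191.0.65.1 smtp netmask 255.255.255.255 0 0
"""

def audit(config):
    """Return findings for a PIX 6.x style config (names compared exactly)."""
    defined, nat_refs, bound, statics = set(), set(), {}, []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3:
            continue
        if tok[0] == "access-list":
            defined.add(tok[1])
        elif tok[0] == "nat" and "access-list" in tok[:-1]:
            nat_refs.add(tok[tok.index("access-list") + 1])
        elif tok[0] == "access-group" and tok[2:4] == ["in", "interface"] and len(tok) > 4:
            bound[tok[4]] = tok[1]  # interface name -> ACL filtering inbound traffic
        elif tok[0] == "static":
            m = re.fullmatch(r"\((\w+),(\w+)\)", tok[1])
            if m:
                statics.append((m.group(2), line.strip()))  # interface the host is published on
    used = set(bound.values()) | nat_refs
    findings = [f"access-list {n} is defined but not applied to any interface" for n in sorted(defined - used)]
    findings += [f"access-list {n} is referenced but not defined in this text" for n in sorted(used - defined)]
    for iface, line in statics:
        if iface not in bound:
            findings.append(f"no access-group bound inbound on {iface} for: {line}")
    return findings

def main():
    for finding in audit(POSTED):
        print(finding)
    print("-- after adding the access-group line from the first reply --")
    for finding in audit(POSTED + "access-group smtp in interface outside\n"):
        print(finding)

if __name__ == "__main__":
    main()
```
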
