Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
551
Views
0
Helpful
5
Replies

PIX 515 Mail not working

dmox
Level 1
Level 1

‎09-16-2004 12:28 PM - edited ‎02-20-2020 11:38 PM

We're having an issue where we can't send mail to ourselves. Mail will successfully come from outside sources to mail.domainname.com but if we try it internally it won't allow the traffic through. If I try to telnet to port 25 from a machine on the internal network to the mail.domainname.com then it doesn't connect. However, if I telnet from an external source (one that isn't on the Internal Interface) I can connect fine.

Any help would be appreciated

0 Helpful
5 Replies 5

dmox
Level 1
Level 1

‎09-16-2004 12:44 PM

Here's a relevant portion of my config:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security10

access-list 100 permit tcp any host xxx.xxx.xxx.217 eq smtp

access-list 100 permit tcp any host xxx.xxx.xxx.217 eq pop3

global (outside) 1 interface

global (dmz) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

alias (inside) 192.168.0.xx xxx.xxx.xxx.4 255.255.255.255

static (inside,outside) xxx.xxx.xxx.217 192.168.0.xx netmask 255.255.255.255 0 0

0 Helpful

a.awan
Level 4
Level 4
In response to dmox

‎09-16-2004 01:14 PM

Your alias does not match your smtp server's public IP address. I am assuming the alias you have set is for the smtp server?

0 Helpful

jmia
Level 7
Level 7
In response to dmox

‎09-17-2004 02:58 AM

Daryl,

As per Atif's post change your alias to:

alias (inside) 192.168.0.xxx xxx.xxx.xxx.217 255.255.255.255

static (inside,outside) xxx.xxx.xxx.217 192.168.0.xxx netmask 255.255.255.255 0 0

Remember to issue clear xlate after the modifications and save with write mem.

0 Helpful

dmox
Level 1
Level 1
In response to jmia

‎09-17-2004 05:08 AM

Is the alias mandatory? What if I remove it completely?

0 Helpful

a.awan
Level 4
Level 4
In response to dmox

‎09-17-2004 05:13 AM

The alias will be required if you are trying to talk to your mail server using its public hostname. What the alias command does is that it doctors the DNS replies coming through the PIX and basically changes the public ip address into the private ip address for your internal clients. You can say that your internal DNS queries for your mail server will return its private rather than public ip address and this should make things work for you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card