Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
2
Replies

PIX 515 -SMTP configuration

prashanth15
Level 1
Level 1

‎05-19-2005 12:15 AM - edited ‎02-21-2020 12:09 AM

Dear all,

Pls find the attached files for your reference.I am new to PIX firewall.

Need to know how to open SMTP ports and access list.

The internal mail server is 128.1.1.3.

users should be able to receive send and receive email

What is the meaning of

"access-list inside_outbound_nat0_acl permit ip any 128.1.1.248 255.255.255.248 ",

"nat (inside) 0 access-listinside_outbound_nat0_acl",

"nat (inside) 10 0.0.0.0 0.0.0.0 0 0",

"global (outside) 10 interface"

Can refer in the attached file.

Pls do the needfull.

Regards,

Prashanth

Preview file
65 KB
Preview file
4 KB
0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎05-19-2005 01:57 AM

Hello Prasanth,

The commands given by you , will not nat the subnet 128.1.1.248 when going out of PIX.. it will go with the original ip address 128.1.1.x... Are these the IP addresses given by your ISP to you ?

For mail access, you need to open tcp port 25 from outside to inside.. you need to talk to your ISP for mail relay.. once your ISP configures, u must be able to get mails, by adding an access-list on your PIX

access-list outside permit tcp any host 128.1.1.3 eq 25

access-group outside in interface outside

if 128.1.1.3 isnt your public IP addresses, you need to do a static NAT for the mail server to any free IP addresses given by your ISP...

static (inside,outside) x.x.x.x 128.1.1.3 netmask 255.255.255.255

you then need to change your ACL:

access-list outside permit tcp any host x.x.x.x eq 25

access-group outside in interface outside

HTH

Raj

0 Helpful

prashanth15
Level 1
Level 1
In response to sachinraja

‎05-19-2005 05:05 PM

Hi Raj,

Thanks for ur reply.Will get back to you when implemented.

128.1.1.248 is not given by ISP.

i was not the one who configured this.

do let me know whether the following can be deleted:

1)access-list inside_outbound_nat0_acl permit ip any 128.1.1.248 255.255.255.248

2)nat (inside) 0 access-list inside_outbound_nat0_acl

is this correct:

"global (outside) 10 interface" to be changed to "global (outside) 10 public interface IP"

and

"nat (inside) 10 0.0.0.0 0.0.0.0 0 0" to be changed to "nat (inside) 10 128.1.1.0 255.255.255.0 0 0"

Thanks,

Prashanth

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card