PIX 515E and Exchange Server

pgasol · ‎08-21-2002

Hi everybody

I'm trying to configure a Exchange Server in the interface "server" of a 515E and I have several problems. Let's imagine the following scenario (not real adresses):

Interface "Outside" 10.10.10.1 (Pool of public addresses 10.10.10.1 - 10.10.10.10)

Interface "Server" 10.112.15.255

Exchange Server 10.112.15.226

Due to an existing configuration, my ISP sends the incoming mail to 10.10.10.1

I have configured a static translation from outside to server as follows:

static(server,outside) 10.10.10.1 10.112.15.226 netmask 255.255.255.255

And I've implemented an access-list to permit smtp incoming traffic:

access-list outside_in permit tcp any host 10.10.10.1 eq smtp

access-group outside_in in interface outside

The debug command shows me that traffic is arriving from my ISP to the outside address 10.10.10.1 but it's not arriving to the server. I'm not sure if it's possible to make a static translation using the outside interface address. Is it?

If possible, where's the problem? Any Idea?

Tanks a lot in advance for all the responses

mike-greene · ‎08-21-2002

Hi, port redirection will probably work in your situation. In the future though I would change my MX record to point to a different IP and take that IP address out of your pool. Here is a document on port redirection....

http://www.cisco.com/warp/public/707/28.html#port

The command syntax should look something like this.....

static (server,outside) tcp interface 25 10.112.15.226 25 netmask 255.255.255.255 1000 500

!

access-list outside_in permit tcp any host 10.10.10.1 eq 25

Hope that helps...

sconnolly · ‎08-21-2002

I believe that you can not use the outside interface's IP address for a static NAT. It can be used as the global address, the address that internal users use when leaving the network.

Have you tried using 10.10.10.2 as your outside address, and make your pool 10.10.10.3 - 10.10.10.10?