Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
863
Views
0
Helpful
1
Replies

Pix 520 translation problems between inside and DMZ mail server

sjcopeland
Level 1
Level 1

‎07-23-2002 01:22 PM - edited ‎02-20-2020 10:10 PM

I have a Pix 520 running v6.2(1) Inside network is 172.16.x..x with about 500 users accessing a mail server on the dmz at 192.168.1.2. Everything works fine, but after a while, I will start to get reports that random hosts on the inside network can no longer communicate with the mail server on the DMZ. You can't even telnet to the mail ports. Other PC's are working just fine. If I do a clear xlate command on the Pix, the "blocked" hosts can immediately communicate with the mail server again. After about 12 hours or so, the problem will re-appear on another set of machines.

This problem never occurs when doing a translation through the outside interface for internet access. Only when communicating with the DMZ.

Anyone got a suggestion as to where/what to look for?

Relevant configs from my Pix.

global (outside) 10 interface

global (dmz) 10 192.168.1.32-192.168.1.250

nat (inside) 10 0.0.0.0 0.0.0.0 0 0

0 Helpful
1 Reply 1

roberto-rios
Level 1
Level 1

‎07-23-2002 01:46 PM

You should use the next command, in global configuration

established tcp 25 0

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card