
PIX address translation

ssafarloo
Level 1

Hi all,

I have a PIX 525, version 6.3(1), with 2 interfaces active (inside and outside).

I have a single global PAT for sending out and a static entry for my SMTP port on a different address.

When I send email, the header shows my PAT(ed) IP address as the sender. Can I change it so it goes out on the same static address assigned to my real SMTP listening port?

Or I am on the wrong track altogether!

Regards,

Stepan Safarloo

2 Replies

jmia
Level 7

Stepan,

Firstly, why would you want the outside world knowing the internal IP address of your SMTP server? This defeats the objective of having a firewall. You cannot change what you are asking for, as all your internal IP traffic is being translated to one public IP address and the return traffic is being port address translated (PAT) back to your internal network.

You have a good setup, so I would not change anything unless it is causing you problems. Also, from a security point, if you want to make your PIX invisible to any port scanners from the outside world, you can issue the command (in config mode): icmp deny any outside. You can check if you have any ports open by going to www.grc.com and trying out Shields Up. This program will probe your firewall for any open ports and will display a report of the results. Try it before you issue the icmp deny command suggested above and then try it after applying it. The GRC Shields Up is a secure probe and I've used it quite often.

Let me know if this helps.

Jay

Jay, thanks for your reply.

I am trying to fix a reverse lookup problem on my domain name that is causing some ISPs to refuse emails from my domain. At the same time, I believe I have poor DNS configuration issues that I am trying to fix at the same time. This is an environment I am just learning about. Another finding is that I believe my IP addresses are being blocked as a spammer, which I am sorting out with the ISPs.

I have used the Shields Up tool to measure the security. Yes, it is a useful tool.

I will follow up on this with whatever resolution I end up with.

Again thank you for your time and input.

Best,

Stepan Safarloo
