PIX & E-Mail Server Setup?

kendo.igor
Level 1

We have a Microsoft Exchange server on the inside network. There is no DMZ.

We have access list acl_in bound to the inside interface and acl_out bound to the outside interface.

These are the lines I'm planning to add to the configuration to provide bidirectional SMTP connectivity between the mail server and the Internet.

I've omitted the nameif, ip address, interface, and access-group commands, and changed the actual IP addresses.

Does this look correct and do I need to make any changes?

static (inside,outside) 200.1.1.1 10.1.1.1 netmask 255.255.255.255 0 0

access-list acl_out permit tcp any host 200.1.1.1 eq smtp

nat (inside) 101 10.1.1.1 255.255.255.255

global (outside) 101 200.1.1.1 netmask 255.255.255.0

access-list acl_in permit tcp host 10.1.1.1 any eq smtp

Thanx,

2 Replies

tvanginneken
Level 4

Hi,

You can skip the nat and global commands. The translation is already done by the static command.

Kind Regards,

Tom

mshavrov
Level 1

Answer #1 is correct. You should not use NAT/GLOBAL if you use STATIC. And always remember that all connections initiated from INSIDE (in comparison with another interface) are allowed by default, so you should not care about the "acl_in" access-list.

Another thing: you didn't state whether you applied the ACCESS-LIST to the interface with the ACCESS-GROUP command. Without this it will not work.

Good luck.
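
The two points raised in the replies, as an added example that is not part of the thread: a small Python lint that flags a nat/global pair overlapping a static translation and access lists that have no access-group line in the fragment. The function name `lint` and the finding codes are hypothetical, and the sample input is constructed from the lines in the question.

```python
import ipaddress

# Constructed sample: the fragment from the question (placeholder addresses).
SAMPLE = """\
static (inside,outside) 200.1.1.1 10.1.1.1 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host 200.1.1.1 eq smtp
nat (inside) 101 10.1.1.1 255.255.255.255
global (outside) 101 200.1.1.1 netmask 255.255.255.0
access-list acl_in permit tcp host 10.1.1.1 any eq smtp
"""

def lint(config):
    """Return (code, detail) findings for a PIX config fragment (hypothetical helper)."""
    statics, nats, globals_, acls, bound = [], [], [], set(), set()
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "static" and len(tok) >= 4:
            # static (real_if,mapped_if) mapped_ip real_ip ...
            statics.append((tok[2], ipaddress.ip_address(tok[3])))
        elif tok[0] == "nat" and len(tok) >= 5:
            # nat (if) nat_id network mask
            nats.append((tok[2], ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)))
        elif tok[0] == "global" and len(tok) >= 4:
            globals_.append((tok[2], tok[3]))
        elif tok[0] == "access-list" and len(tok) >= 2:
            acls.add(tok[1])
        elif tok[0] == "access-group" and len(tok) >= 2:
            bound.add(tok[1])
    findings = []
    for mapped, real in statics:
        for nat_id, net in nats:
            if nat_id != "0" and real in net:
                findings.append(("NAT_OVERLAPS_STATIC", f"nat {nat_id} covers {real}"))
                for gid, gaddr in globals_:
                    if gid == nat_id and gaddr == mapped:
                        findings.append(("GLOBAL_REUSES_STATIC_IP", f"global {gid} uses {mapped}"))
    for name in sorted(acls - bound):
        findings.append(("ACL_NOT_BOUND", name))
    return findings
```

Because the question omits its access-group lines, both access lists are reported as unbound for the fragment as posted; run it against the full configuration to check the real binding.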
