Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2473
Views
0
Helpful
48
Replies

Pix 501 problem, I cant receive smtp mail

Go to solution
firebird9
Level 1
Level 1

‎02-21-2005 07:46 AM - edited ‎02-20-2020 11:58 PM

Currently I can send mail but cannot receive mail from the Internet, if I remove the Pix and connect directly to the Modem/Router then I can SMTP in on port 25 and SMTP mail works fine both in & out.

All we want this Pix to allow at present is:

a) Internet access to all internal network clients

b) Allow clients to pop mail from web mail accounts

c) We wish to use Exchange & Outlook and host our own e-mail using SMTP

Please find attached two documents: -

1. A current edited running config of my 501 Pix

2. A PowerPoint diagram of my network.

I very much appreciate any help.

Vinny.

Preview file
3 KB
Preview file
25 KB
0 Helpful
48 Replies 48

Go to solution
Patrick Iseli
Level 7
Level 7
In response to firebird9

‎03-18-2005 07:19 AM

The error message 1, 2, 3 are VERSION related. What PIX OS version have you installed on your PIX ? You need 6.3.4 for that I think.

To see your version use "show version".

Error message 4 is because you ahve to replace the "PEER-IP" by the public IP address of your VPN Peer.

sincerely

Patrick

0 Helpful

Go to solution
firebird9
Level 1
Level 1
In response to Patrick Iseli

‎03-18-2005 03:37 PM

I am using version 6.2.2

One of our salesmen will need to connect from various hotels whilst travelling, so we would know the "PEER-IP"

Rgds

Vinny

0 Helpful

Go to solution
firebird9
Level 1
Level 1
In response to Patrick Iseli

‎03-22-2005 06:50 AM

Hi Patrick,

Any thoughts on how one of our roaming sales people can connect via a client VPN where we do not know their static IP?

Secondly, I sometimes have a problem connecting to our mail server via OWA. 50 percent of the time I can connect no problem other times it times out & cannot find the page! Do you think this could be Pix related?

Thanks

Vinny

0 Helpful

Go to solution
Patrick Iseli
Level 7
Level 7
In response to firebird9

‎03-22-2005 07:38 AM

No problem use this config which opens to ANY IP address ! The sysopt will open IPSEC on the outside interface for any IP on the Internet. But the question is more if can open IPSEC (udp 500) and Protocol ESP on the ADSL Router.

Example for dynmic VPN Clients:

access-list NONAT permit ip Internalnet ISubnet VPN-Pool 255.255.255.0

access-list DYN-VPN-ACL permit ip Internalnet ISubnet VPN-Pool 255.255.255.0

aaa-server LOCAL protocol local

aaa authentication secure-http-client

sysopt connection permit-ipsec

crypto ipsec transform-set TRANS esp-3des esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 match address DYN-VPN-ACL

crypto dynamic-map outside_dyn_map 20 set transform-set TRANS

crypto map REMOTE 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map REMOTE client authentication LOCAL

crypto map REMOTE interface outside

isakmp enable outside

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

ip local pool VPNPool x.y.z.1-x.y.z.254

vpngroup VPNGroup address-pool VPNPool

vpngroup VPNGroup dns-server dns2 dns1

vpngroup VPNGroup default-domain localdomain

vpngroup VPNGroup idle-time 1800

vpngroup VPNGroup password grouppassword

username vpnclient password vpnclient-password

Could you please open another POST this one is getting to heavy (long) !!!

Title: VPN Client setup for PIX 501

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card