06-08-2004 01:35 AM - edited 03-09-2019 07:40 AM
Hi,
I know this should be easy but....
Pix Version 6.3 (3)
PDM Version 3.0 (1)
I have configured PAT on my external interface. I can get Internet access from internal clients through the PAT.
However I'm having difficulties in setting the translation from outside to internal Mail Server.
I'm trying to forward SMTP to my internal Mail server.
Heres my configuration: Any ideas?
When using PDM to set translation rule i'm told that there is an overlap on the outside ip (naturally) is this correct?
Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password KjEz6V2iGiwHbLkG encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX515E
domain-name owl-housing.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.3 OWL-W2KS-MAIL
access-list inside_access_in permit tcp any any
access-list inside_access_in permit udp any any
access-list outside_access_in permit tcp any eq smtp host OWL-W2KS-MAIL eq smtp
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 80.XXX.XXX.XXX 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
pdm location OWL-W2KS-MAIL 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
global (outside) 1 80.XXX.XXX.XXX
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 80.XXX.XXX.XXX smtp OWL-W2KS-MAIL smtp netmask 255.255.255.255 0 0
static (inside,outside) OWL-W2KS-MAIL OWL-W2KS-MAIL netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 80.XXX.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:7b39dac8a1c404c6ee1ad7d738ed6054
: end
[OK]
06-08-2004 01:46 AM
You'll need a ACL for you outside interface and a static, try the following:
ACL:
access-list mail_in permit tcp any host
access-group mail_in in interface outside
STATIC:
static (inside,outside) tcp interface smtp
Save with write mem and also issue clear xlate.
Let me know how you get on, the public_mail_ip should correspond to your MX record for e-mail.
Jay
06-08-2004 05:12 AM
Your static route has the inside and outside ip address the same, OWL-W2KS-MAIL.
One needs to be the ip on the outside and the other needs to be the ip on the inside which looks like 192.168.1.3
06-08-2004 06:07 AM
Hi thx for your comments,
When you say the ip on the inside looks like 192,168.1.3 (this is the mail server). I assume this is correct and doesnt need to be the ip of the inside interface? As after all i'm directing to the server not the interface?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide