To: patrick.iseli, Please help! PIX506 problem.

dwkwon
Level 1

Hi, Patrick!

Sorry for posting to you.

I read your posted article about the PIX506 and NETGEAR DG814 configuration.

I have a problem configuring the PIX506, and it's similar to your PIX troubleshooting case.

Please help me!

Please refer to the text below and the attached documents.

Thanks!

Hi, experts, everyone!!!

I can't write English well, which may cause communication problems for you.

I have run into a problem configuring a PIX506 firewall.

I have a PIX506 firewall and a NETGEAR RP614 IP sharer.

Under the PIX506 firewall, there are two Windows servers.

One Windows 2000 server is the Web and DNS server; the other is an Exchange 2003 server based on Windows 2003 Server.

But the problem is...

I don't receive e-mail, but sending e-mail works very well!!

I have attached a document about the PIX506 config and my network diagram.

It's a crazy problem.

Please, please, please help me, experts, everyone.

1 Accepted Solution

I posted the config in the "PIX506 Problem, DNS and Eachange Server Cofiguration!".

Sincerely,

Patrick

3 Replies

dwkwon
Level 1

Sorry, because of a Cisco server error, I didn't attach all the documents.

Please refer to the topic with the subject "PIX506 Problem, DNS and Eachange Server Cofiguration!"

It is the 6th subject below in this board.

Thanks!

JEREMY GRAY
Level 1

Check your "static (dmz,outside)" is correct.

Check your ACL is correct and allows the traffic to reach the public ip.

Check your ACL is applied "in" on the outside using access-group.

If your SMTP server uses ESMTP, disable mailguard ("no fixup protocol smtp 25") or upgrade to version 7.n (check memory support first).

Example...

static (dmz,outside) 88.77.66.55 10.1.1.1

access-list public-in permit tcp any host 88.77.66.55 eq 25

access-group public-in in interface outside

If the above is "already correct", then disable mailguard.

no fixup protocol smtp 25

Notes.

Where 88.77.66.55 is your public/DNS address for your mail server MX record, and 10.1.1.1 is the private internal IP of the SMTP server.

If you are not using VLANs and only have two interfaces (inside and outside), this is a security risk when hosting any applications, but it can be done if you accept the risks. In this case I recommend an external mail filtering company such as MessageLabs or BlackSpider so that the source of your email can be a limited number of systems. I would NOT recommend hosting a web server without a dedicated DMZ. If this has to be done, ensure that the very latest application and OS patches are always applied, and ensure that AV software is updated. Consider/implement private VLANs, and consider HIDS/HIPS on the servers AND all other internal systems. Protect your users from your own public SMTP/WWW servers as best you can. Much less risk with a DMZ!

I assume you can send email because you are successfully using NAT but have not configured the static and/or ACL as above. Take great care when allowing access to your systems.
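The checklist in the reply above can be run mechanically against a saved configuration. The following is an added example, not part of the original reply or of any Cisco tool: the function name `audit_inbound_smtp`, the finding strings and the sample config are constructed for illustration, reusing the example addresses and command forms from the reply.

```python
import re

# Constructed sample config using the addresses from the reply above.
SAMPLE = """\
fixup protocol smtp 25
static (dmz,outside) 88.77.66.55 10.1.1.1
access-list public-in permit tcp any host 88.77.66.55 eq 25
access-list other-acl permit icmp any any
access-group other-acl in interface outside
"""

def audit_inbound_smtp(config, public_ip, outside="outside"):
    """Return findings for the inbound-SMTP checklist; empty list = all passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    ip, ifc = re.escape(public_ip), re.escape(outside)
    findings = []

    # 1. A static must translate the public address to the private server.
    static_re = re.compile(rf"^static \(\w+,{ifc}\) {ip} \d+\.\d+\.\d+\.\d+\b")
    if not any(static_re.match(l) for l in lines):
        findings.append("no static for public address")

    # 2. Some ACL must permit tcp/25 to the public (not the private) address.
    #    The source may be "any", "host A.B.C.D" or "network mask".
    acl_re = re.compile(
        rf"^access-list (\S+) permit tcp \S+(?: \S+)? host {ip} eq (?:25|smtp)$")
    smtp_acls = {m.group(1) for l in lines if (m := acl_re.match(l))}
    if not smtp_acls:
        findings.append("no ACL permits tcp/25 to public address")

    # 3. That same ACL must be the one bound inbound on the outside interface.
    grp_re = re.compile(rf"^access-group (\S+) in interface {ifc}$")
    bound = {m.group(1) for l in lines if (m := grp_re.match(l))}
    if smtp_acls and not (smtp_acls & bound):
        findings.append("SMTP ACL not applied in on outside")

    # 4. Mailguard still enabled: relevant when the server speaks ESMTP.
    if any(re.match(r"^fixup protocol smtp\b", l) for l in lines):
        findings.append("mailguard enabled (fixup protocol smtp)")
    return findings

if __name__ == "__main__":
    for finding in audit_inbound_smtp(SAMPLE, "88.77.66.55"):
        print("FINDING:", finding)
```

In the sample, the SMTP rule exists but a different ACL is bound to the outside interface, so inbound mail is dropped while outbound mail through NAT still works.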