10-02-2005 01:02 PM - edited 03-03-2019 10:38 AM
Please,
I configured the PIX to place the server on the DMZ interface and the host on the inside interface.
The problem is that the host on the inside interface cannot reach the e-mail server (196.202.232.17).
This is the show run output:
names
access-list accl_dmz permit icmp any any
access-list outside_int permit ip any host 196.202.232.17
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside 196.202.232.3 255.255.255.128
ip address inside 172.16.1.1 255.255.255.0
ip address DMZ 172.16.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0 0 0
static (DMZ,outside) 196.202.234.64 172.16.2.2 netmask 255.255.255.255 0 0
static (DMZ,outside) 196.202.232.17 172.16.2.3 netmask 255.255.255.255 0 0
static (DMZ,outside) 61.11.234.86 172.16.2.4 netmask 255.255.255.255 0 0
static (DMZ,outside) 196.202.232.9 172.16.2.5 netmask 255.255.255.255 0 0
static (DMZ,outside) 196.202.232.13 172.16.2.6 netmask 255.255.255.255 0 0
static (DMZ,outside) 196.202.232.15 172.16.2.7 netmask 255.255.255.255 0 0
static (DMZ,outside) 196.202.232.14 172.16.2.8 netmask 255.255.255.255 0 0
static (DMZ,outside) 66.178.60.9 172.16.2.9 netmask 255.255.255.255 0 0
static (DMZ,outside) 61.11.234.6 172.16.2.10 netmask 255.255.255.255 0 0
static (DMZ,outside) 196.202.232.6 172.16.2.11 netmask 255.255.255.255 0 0
static (inside,DMZ) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
access-group outside_int in interface outside
conduit permit ip 172.16.1.0 255.255.255.0 any
conduit permit ip any any
route outside 0.0.0.0 0.0.0.0 196.202.234.1 1
route outside 10.2.4.0 255.255.255.0 196.202.234.63 1
route outside 10.2.5.0 255.255.255.0 196.202.234.63 1
route outside 10.2.7.0 255.255.255.0 196.202.234.63 1
route outside 10.2.8.0 255.255.255.0 196.202.234.63 1
route outside 10.2.9.0 255.255.255.0 196.202.234.61 1
route outside 10.2.10.0 255.255.255.0 196.202.234.63 1
route outside 10.2.11.0 255.255.255.0 196.202.234.63 1
route outside 203.192.200.0 255.255.255.0 196.202.234.61 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
From host 172.16.1.24 I ping 196.202.232.17 (e-mail server); these are the debug icmp trace messages:
pixfirewall# debug icmp trace
ICMP trace on
Warning: this may cause problems on busy networks
pixfirewall# 45: ICMP echo-request from inside:172.16.1.24 to 196.202.232.17 ID=512 seq=14126 length=40
46: ICMP echo-request: translating inside:172.16.1.24/512 to outside:196.202.232.3/0
47: ICMP echo-request from outside:196.202.234.40 to 196.202.232.17 ID=1280 seq=3113 length=40
48: ICMP echo-request: untranslating outside:196.202.232.17 to DMZ:172.16.2.3
49: ICMP echo-reply from DMZ:172.16.2.3 to 196.202.234.40 ID=1280 seq=3113 length=40
50: ICMP echo-reply: translating DMZ:172.16.2.3 to outside:196.202.232.17
undebug all51: ICMP echo-request from inside:172.16.1.24 to 196.202.232.17 ID=512 seq=14382 length=40
52: ICMP echo-request: translating inside:172.16.1.24/512 to outside:196.202.232.3/0
53: ICMP echo-request from outside:196.202.234.40 to 196.202.232.17 ID=1280 seq=3369 length=40
54: ICMP echo-request: untranslating outside:196.202.232.17 to DMZ:172.16.2.3
55: ICMP echo-reply from DMZ:172.16.2.3 to 196.202.234.40 ID=1280 seq=3369 length=40
56: ICMP echo-reply: translating DMZ:172.16.2.3 to outside:196.202.232.17
Please, this is very urgent.
Any help will be appreciated.
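Added example (not part of the original post): a small Python script that pairs the echo-requests and echo-replies in the trace above by ICMP ID and sequence number, to show which pings go unanswered and toward which interface each request was translated. The function names are illustrative; the trace lines are the poster's, with the terminal's line wraps rejoined.

```python
import re

# Trace lines from the post above (80-column terminal wraps rejoined).
TRACE = """\
45: ICMP echo-request from inside:172.16.1.24 to 196.202.232.17 ID=512 seq=14126 length=40
46: ICMP echo-request: translating inside:172.16.1.24/512 to outside:196.202.232.3/0
47: ICMP echo-request from outside:196.202.234.40 to 196.202.232.17 ID=1280 seq=3113 length=40
48: ICMP echo-request: untranslating outside:196.202.232.17 to DMZ:172.16.2.3
49: ICMP echo-reply from DMZ:172.16.2.3 to 196.202.234.40 ID=1280 seq=3113 length=40
50: ICMP echo-reply: translating DMZ:172.16.2.3 to outside:196.202.232.17
undebug all51: ICMP echo-request from inside:172.16.1.24 to 196.202.232.17 ID=512 seq=14382 length=40
52: ICMP echo-request: translating inside:172.16.1.24/512 to outside:196.202.232.3/0
53: ICMP echo-request from outside:196.202.234.40 to 196.202.232.17 ID=1280 seq=3369 length=40
54: ICMP echo-request: untranslating outside:196.202.232.17 to DMZ:172.16.2.3
55: ICMP echo-reply from DMZ:172.16.2.3 to 196.202.234.40 ID=1280 seq=3369 length=40
56: ICMP echo-reply: translating DMZ:172.16.2.3 to outside:196.202.232.17
"""

# A packet line carries ID/seq; an xlate line names the interface the packet is sent toward.
PACKET = re.compile(r"ICMP echo-(request|reply) from (\w+):(\S+) to (\S+) ID=(\d+) seq=(\d+)")
XLATE = re.compile(r"ICMP echo-request: (?:un)?translating \w+:\S+ to (\w+):\S+")

def correlate(trace):
    """Map (ICMP ID, seq) -> request details, marking whether a reply was seen."""
    flows, last = {}, None
    for line in trace.splitlines():
        m = PACKET.search(line)          # search(): tolerates typed input fused onto a line
        if m:
            kind, iface, src, dst, icmp_id, seq = m.groups()
            key = (int(icmp_id), int(seq))
            if kind == "request":
                flows[key] = {"in": iface, "src": src, "dst": dst, "out": None, "replied": False}
                last = flows[key]
            else:
                if key in flows:
                    flows[key]["replied"] = True
                last = None
            continue
        m = XLATE.search(line)
        if m and last is not None:
            last["out"] = m.group(1)     # interface after "to" in the (un)translate line
    return flows

def unanswered(flows):
    """Requests with no matching reply, as (seq, source, ingress, translated-toward)."""
    return sorted((k[1], f["src"], f["in"], f["out"]) for k, f in flows.items() if not f["replied"])

if __name__ == "__main__":
    for row in unanswered(correlate(TRACE)):
        print("no reply: seq=%d src=%s in=%s out=%s" % row)
```

On this trace, both requests from 172.16.1.24 are translated toward the outside interface and never answered, while the requests from 196.202.234.40 are untranslated to the DMZ and answered.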
10-06-2005 10:55 AM
Select Administration > Appliance > Configure Mailroute.
Enter the hostname or IP address of an SMTP mail server on your network and click Save.