
Cisco Pix 515E and MS Exchange

dmendiola
Level 1

I hope you can give me some advice re: the commands I need to implement this situation...

We have several extra static IP addresses, so what I wanted to do was use the extra IP to route to the Exchange server.

For example...

My current IP for everything is XXX.XXX.XXX.21

That's the one configured on my Cisco PIX.

Now I also own XXX.XXX.XXX.22

Subnet: 255.255.255.248

Now the internal IP for my Exchange is 192.168.0.122

Subnet: 255.255.255.0

And I wanted to open up just TCP port 25 for that IP address.

So can anybody help me with the command lines?

8 Replies

vincent.on
Level 1

access-list inbound permit tcp any host xxx.xxx.xxx.22 eq smtp

static (inside, outside) xxx.xxx.xxx.22 192.168.0.122 netmask 255.255.255.255 0 0

access-group inbound in interface outside

Thanks... btw, should I disable Mail Guard to make Exchange work?

Yes

I use..

no fixup protocol smtp 25

I hope this helps.

Thanks again, I'll try to implement this Monday when I get back to work.

dmendiola
Level 1

Do I need the NAT command as well?

Dominic,

Here's an example config from my lab pix for a MS Exchange server on the inside network (I'm using Pix OS 6.2(1)) - Hope this helps you out:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname your-pix

domain-name your-domain

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

no fixup protocol smtp 25

names

access-list smtp permit tcp any host 213.xx.xx.xx eq smtp

pager lines 24

logging on

logging timestamp

logging console notifications

logging trap warnings

logging history warnings

interface ethernet0 10baset

interface ethernet1 10baset

mtu outside 1500

mtu inside 1500

ip address outside 213.xx.xx.xx 255.255.255.240

ip address inside 10.xx.xx.xx 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp 213.xx.xx.xx smtp 10.xx.xx.xx smtp dns netmask 255.255.255.255 0 0

access-group smtp in interface outside

route outside 0.0.0.0 0.0.0.0 213.xx.xx.xx 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt noproxyarp inside

no sysopt route dnat

telnet timeout 5

ssh timeout 5

terminal width 80

Hope this helps - Jay

Maybe you can print your PIX config here, then we'll be able to tell you what you need.

Vincent.
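
As an added example that is not part of the thread: a small Python check that can be run over a saved PIX 6.x config to confirm that the static for the Exchange server is reachable only on SMTP and that the access-list is actually bound with access-group. The sample config is constructed, 203.0.113.22 stands in for the masked public address, and the function names `parse` and `audit` are hypothetical.

```python
import re

# Constructed sample in PIX 6.x syntax. 203.0.113.22 stands in for the masked
# public address in the thread; the 3389 and "unused" lines are planted mistakes.
SAMPLE = """\
access-list inbound permit tcp any host 203.0.113.22 eq smtp
access-list inbound permit tcp any host 203.0.113.22 eq 3389
access-list unused permit tcp any host 203.0.113.22 eq www
static (inside, outside) 203.0.113.22 192.168.0.122 netmask 255.255.255.255 0 0
access-group inbound in interface outside
"""

# Assumption: only the "permit tcp|udp any host IP eq PORT" rule form is handled.
ACL_RE = re.compile(r"access-list (\S+) permit (?:tcp|udp) any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")
STATIC_RE = re.compile(r"static\s*\(\s*\w+\s*,\s*(\w+)\s*\)\s+(.+)")

def parse(config):
    """Return (statics, acls, bound): statics = [(outside_if, global_ip)],
    acls = {name: [(host, port)]}, bound = {acl_name: interface}."""
    statics, acls, bound = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append((m[2], "smtp" if m[3] == "25" else m[3]))
        elif m := GROUP_RE.match(line):
            bound[m[1]] = m[2]
        elif m := STATIC_RE.match(line):
            rest = m[2].split()
            # Port-redirect form starts with tcp/udp; one-to-one form starts with the IP.
            statics.append((m[1], rest[1] if rest[0] in ("tcp", "udp") else rest[0]))
    return statics, acls, bound

def audit(config, allowed=frozenset({"smtp"})):
    """List findings: unbound ACLs, statics with no permit, ports beyond `allowed`."""
    statics, acls, bound = parse(config)
    findings = [f"access-list {n} is not applied by any access-group"
                for n in acls if n not in bound]
    for iface, gip in statics:
        ports = {p for n, rules in acls.items() if bound.get(n) == iface
                 for host, p in rules if host == gip}
        if not ports:
            findings.append(f"{gip}: static has no permit bound to {iface}")
        for p in sorted(ports - allowed):
            findings.append(f"{gip}: port {p} permitted, expected only {sorted(allowed)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

With a one-to-one static like the one in the first reply, the access-list is the only thing limiting which ports reach the server, so an extra permit line exposes that port on the Exchange host directly.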