After working with the TAC for two days to resolve this issue, the problem
turned out to be that the router that goes between the server and the PIX
had policy-based routing enabled that was sending the SYN ACK packets out
another port on the router.  One more line in the access list and presto!
The original packets were making it all the way to the server but replies
went elsewhere.  The line of code for the NAT in the PIX was perfectly
correct.

Thanks to all those who replied, and now we know the answer.

Kevin

Kevin McIntyre wrote:

> I have the following line in a PIX 506 for static natting to an inside
> server.
>
> static (inside,outside) tcp interface smtp 172.16.1.21 smtp netmask
> 255.255.255.255 0 0
>
> When the Pix is started this will work for a short period of time and
> then will stop answering to connections on port 25 at all.  The log on
> the server that it actually connects to says an unsuccessful attempt was
> made to connect but won't accept messages.
>
> When I try to send mail using the server from inside the PIX, directly
> to 172.16.1.21, the server itself is running fine.
>
> There is a 3640 router between the pix and the smtp server both with
> static routes.
>
> Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15595&t=15169