I have a situation which someone may be able to shed some light on.

The configuration that is in place is a PIX 515 6.01 with a public IP on the
'outside' interface and private IP on the 'inside' interface as you would
normally see in a straightforward config.

We are using PAT to another external IP for all internal users.  Also there
are static NAT statements on this same external IP (one used for PAT) that
translate to the appropriate internal IPs for the respective services.

Ex.
static (inside,outside) tcp x.x.x.x  pop3 10.x.x.x  pop3 netmask x.x.x.x
(translating all pop3 queried traffic on x.x.x.x to be forwarded to
10.x.x.x)


One inbound access list is applied to the 'outside' interface filtering for
the protocols we need allowed in and for the static nats.


So this works fine for all external users and querying the various
protocols.  All locations are connected via private frame WAN to the central
location, where the internet connection out is and also this PIX.

Here is the problem.  There are travelling users which bounce from site to
site and are configured to access email via POP3.  Unfortunately this will
not work from inside the PIX.  What it looks like is that basically the
client is querying a pop3 server which resolves to the public IP address
which is in turn the same address assigned for the static nat translation to
the actual internal pop3 box.  I would change the client to resolve pop3 to
the actual internal IP address but then they would be unable to reach the
box from home or hotel etc.

ie.  client queries pop3 to 'popserver.domain.com' > dns resolves this to
x.x.x.x from above static NAT.  Query fails.

Does anyone have any suggestions on what may be happening and could shed
some light on whether this can be done first of all, and what steps may need
to be taken on the PIX so that internal queries for pop3 and smtp will be
able to go out through the PAT and come back in as the static nat translates
them and still work.


Thanks VERY much for anyone's input.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19931&t=19931