I am preparing for MCNS - Manual Ver 2.1 Page 6-22and not clear about Static and Conduit commands with fixup protocol smtp 25.
I Don't understand the static (inside,outside) global-ip local-ip ... when I compare it with the below static command: static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255. Question? Is static command always from lower nameif(dmz2)to higher nameif (dmz1)? If so why is is it always stated as: static (inside,outside)? and not (Outside,Inside) ???? I am reading on page 6-22: That the Mail Guard feature removes the need for an external Mail Relay (Bastion Host) in the perimeter of DMZ network Once you create the Static and Conduit commands for an SMTP mail server, use the fixup protocol 25 command to enable the PIX Firewall's Mail Guard feature in PIX FW release 4.2 and later. Then says, The first IP address you specify in the static command is the 1st IP address you specify in the conduit command as in example : static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255 conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0 fixup protocol smtp 25 Also says: The static command maps the adderess 10.1.1.1 on the dmz1 intf. so that users on the dmz1 intf. can access the 172.16.1.10 host on the dmz2 intf. The conduit command permits any users in the 10.11.1.0 network access the 10.1.1.1 address over any tcp port. Is this correct? or should it say: static (dmz1,dmz2) 172.16.1.10 10.1.1.1 netmask 255.255.255.255 Can someone explain the above??? thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46000&t=46000 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]