Exchange behind PIX config

2002-07-23 Thread Chris Bodnar

I have modified addresses to protect the innocent. I would be happy to
take this topic off line:

I have an Exchange 2000 server sitting behind a PIX 515. I want Internet
e-mail bound for the Exchange server to pass through the PIX to the
Exchange server. I have contacted the ISP to have them change the MX
record to 192.10.10.195.

These are the lines I have added to the config:

global (outside) 1 192.10.10.196-192.10.10.198
static (inside,outside) 192.10.10.196 10.16.0.2 
access-list smtp_in permit tcp any host 192.10.10.196 eq smtp
access-group smtp_in in interface outside
no fixup protocol smtp 25

The Exchange 2000 Server is 10.16.0.2, the Outside interface of the PIX
is 192.10.10.195

Thanks for the help

Chris Bodnar



List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm




RE: Exchange behind PIX config

2002-07-23 Thread Keith Nelson

Well, your problem is with the static line.
You have the outside IP for the Exchange server set to 192.10.10.196.
You want to change the 196 to 195 because that's what your DNS record is pointing to.
Or change your DNS record to point to 196.

Keith Nelson
Network Administrator
Orange County High School of the Arts



 -Original Message-
 From: Chris Bodnar [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, July 23, 2002 8:52 AM
 To: MS-Exchange Admin Issues
 Subject: Exchange behind PIX config
 
 
 I have modified addresses to protect the innocent. I would be happy to
 take this topic off line:
 
 I have an Exchange 2000 server sitting behind a PIX 515. I want Internet
 e-mail bound for the Exchange server to pass through the PIX to the
 Exchange server. I have contacted the ISP to have them change the MX
 record to 192.10.10.195.
 
 These are the lines I have added to the config:
 
 global (outside) 1 192.10.10.196-192.10.10.198
 static (inside,outside) 192.10.10.196 10.16.0.2 
 access-list smtp_in permit tcp any host 192.10.10.196 eq smtp
 access-group smtp_in in interface outside
 no fixup protocol smtp 25
 
 The Exchange 2000 Server is 10.16.0.2, the Outside interface of the PIX
 is 192.10.10.195
 
 Thanks for the help
 
 Chris Bodnar
 
 
 




RE: Exchange behind PIX config

2002-07-23 Thread Chris Bodnar

Thanks for the reply. The Global command is where I am getting confused.
It was my understanding that I need it, and it couldn't be the IP address
of the Outside interface. Is that correct? If it can be, would this work:

global (outside) 1 192.10.10.195
static (inside,outside) 192.10.10.195 10.16.0.2 
access-list smtp_in permit tcp any host 192.10.10.195 eq smtp
access-group smtp_in in interface outside
no fixup protocol smtp 25

Thanks 

chris





FW: Exchange behind PIX config

2002-07-23 Thread Paul Armstrong

No, the Global line is for NAT. The config you had previously would be correct, but you
would exclude the IP you set a static mapping from from the Global config. If you use
a Global IP for a static mapping, the config gets more complicated because within the
Global command you would provide the ports.

 
global (outside) 1 192.10.10.197-192.10.10.198
static (inside,outside) 192.10.10.196 10.16.0.2
access-list smtp_in permit tcp any host 192.10.10.196 eq smtp
access-group smtp_in in interface outside
no fixup protocol smtp 25

 
You would probably be better off using Conduits to do the port forwarding
instead of the ACLs.

-Original Message- 
From: Chris Bodnar [mailto:[EMAIL PROTECTED]] 
Sent: Tue 7/23/2002 12:37 PM 
To: MS-Exchange Admin Issues 
Cc: 
Subject: RE: Exchange behind PIX config



Thanks for the reply. The Global command is where I am getting confused.
It was my understanding that I need it, and it couldn't be the IP address
of the Outside interface. Is that correct? If it can be, would this work:

global (outside) 1 192.10.10.195
static (inside,outside) 192.10.10.195 10.16.0.2
access-list smtp_in permit tcp any host 192.10.10.195 eq smtp
access-group smtp_in in interface outside
no fixup protocol smtp 25

Thanks

chris



RE: Exchange behind PIX config

2002-07-23 Thread Ely, Don

You would probably be better off using Conduits to do the port forwarding
instead of the ACLs.

Not in version 6.x you wouldn't.  Conduit statements were for 5.x and
lower...

-Original Message-
From: Paul Armstrong [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 23, 2002 1:19 PM
To: MS-Exchange Admin Issues
Subject: FW: Exchange behind PIX config


No, the Global line is for NAT. The config you had previously would be
correct, but you would exclude the IP you set a static mapping from from the
Global config. If you use a Global IP for a static mapping, the config gets
more complicated because within the Global command you would provide the
ports.

 
global (outside) 1 192.10.10.197-192.10.10.198
static (inside,outside) 192.10.10.196 10.16.0.2
access-list smtp_in permit tcp any host 192.10.10.196 eq smtp
access-group smtp_in in interface outside
no fixup protocol smtp 25

 
You would probably be better off using Conduits to do the port
forwarding instead of the ACLs.

-Original Message- 
From: Chris Bodnar [mailto:[EMAIL PROTECTED]] 
Sent: Tue 7/23/2002 12:37 PM 
To: MS-Exchange Admin Issues 
Cc: 
Subject: RE: Exchange behind PIX config



Thanks for the reply. The Global command is where I am getting confused.
It was my understanding that I need it, and it couldn't be the IP address
of the Outside interface. Is that correct? If it can be, would this work:

global (outside) 1 192.10.10.195
static (inside,outside) 192.10.10.195 10.16.0.2
access-list smtp_in permit tcp any host 192.10.10.195 eq smtp
access-group smtp_in in interface outside
no fixup protocol smtp 25

Thanks

chris
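
The two points raised in the replies above (the address in the MX record must be the outside address of the static mapping, and a statically mapped address should not also sit in the global pool) can be checked mechanically. This is an added example, not part of the original thread; the function names and finding labels are assumptions for illustration, and the parser understands only the command forms posted here.

```python
import ipaddress

ip = ipaddress.ip_address

def parse_pix(config):
    """Parse only the command forms that appear in this thread."""
    pools, statics, permits, bound = [], {}, {}, set()
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["global", "(outside)"] and len(t) == 4:
            lo, _, hi = t[3].partition("-")          # single address or lo-hi range
            pools.append((ip(lo), ip(hi or lo)))
        elif t[:2] == ["static", "(inside,outside)"] and len(t) == 4:
            statics[ip(t[2])] = ip(t[3])             # outside address -> inside host
        elif (t[:1] == ["access-list"] and t[2:6] == ["permit", "tcp", "any", "host"]
              and t[7:9] in (["eq", "smtp"], ["eq", "25"])):
            permits.setdefault(t[1], set()).add(ip(t[6]))
        elif t[:1] == ["access-group"] and t[2:] == ["in", "interface", "outside"]:
            bound.add(t[1])                          # ACL applied inbound on outside
    return pools, statics, permits, bound

def check_mail_path(config, mx_ip, server_ip):
    """Return findings for inbound SMTP to server_ip via the address in the MX record."""
    pools, statics, permits, bound = parse_pix(config)
    mx, findings = ip(mx_ip), []
    if statics.get(mx) != ip(server_ip):
        findings.append("mx-address-has-no-static-to-server")
    if not any(mx in hosts for name, hosts in permits.items() if name in bound):
        findings.append("smtp-to-mx-address-not-permitted")
    if any(lo <= outside <= hi for outside in statics for lo, hi in pools):
        findings.append("static-address-inside-global-pool")
    return findings

# Configs as posted in the thread (addresses already altered by the poster).
ORIGINAL = """global (outside) 1 192.10.10.196-192.10.10.198
static (inside,outside) 192.10.10.196 10.16.0.2
access-list smtp_in permit tcp any host 192.10.10.196 eq smtp
access-group smtp_in in interface outside"""
REVISED = ORIGINAL.replace("192.10.10.196-", "192.10.10.197-")  # pool as in Paul's reply

if __name__ == "__main__":
    for name, cfg, mx in [("original, MX .195", ORIGINAL, "192.10.10.195"),
                          ("revised, MX .195", REVISED, "192.10.10.195"),
                          ("revised, MX .196", REVISED, "192.10.10.196")]:
        print(name, "->", check_mail_path(cfg, mx, "10.16.0.2") or "ok")
```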
