RE: Exchange behind PIX config
Well your problem is with the static line You have the outside IP for the exchange server set to 192.10.10.196 You want to change the 196 to 195 because thats what your DNS record is pointing to. Or change your DNS record to point to 196. Keith Nelson Network Administrator Orange County High School of the Arts -Original Message- From: Chris Bodnar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 8:52 AM To: MS-Exchange Admin Issues Subject: Exchange behind PIX config I have modified addresses to protect the innocent. I would be happy to take this topic off line: I have an Exchange 2000 server sitting behind a PIX 515. I want Internet e-mail bound for the Exchange server to pass through the PIX to the Exchange server. I have contacacted the ISP to have them change the MX record to 192.10.10.195. These are the lines I have added to the config: global (outside) 1 192.10.10.196-192.10.10.198 static (inside,outside) 192.10.10.196 10.16.0.2 access-list smtp_in permit tcp any host 192.10.10.196 eq smtp access-group smtp_in in interface outside no fixup protocol smtp 25 The Exchange 2000 Server is 10.16.0.2 , the Outside interface of the PIX is 192.10.10.195 Thanks for the help Chris Bodnar List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange behind PIX config
Thanks for the reply. The Global command is where I am getting confused. It was my understanding that I need it, and it couldn't be the IP address of the Outside interface. Is that correct? If it can be would this work: global (outside) 1 192.10.10.195 static (inside,outside) 192.10.10.195 10.16.0.2 access-list smtp_in permit tcp any host 192.10.10.195 eq smtp access-group smtp_in in interface outside no fixup protocol smtp 25 Thanks chris List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange behind PIX config
You would probably be better off using Conduits to do the port forwarding instead of the ACL's. Not in version 6.x you wouldn't. Conduit statements were for 5.x and lower... -Original Message- From: Paul Armstrong [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 1:19 PM To: MS-Exchange Admin Issues Subject: FW: Exchange behind PIX config No, the Global line is for NAT, the config you had previously would be correct but you would exclude the IP you set a static mapping from from the Global config. If you use a Global IP for a static mapping the config gets more complicated because within the Global command you would provide the ports. global (outside) 1 192.10.10.197-192.10.10.198 static (inside,outside) 192.10.10.196 10.16.0.2 access-list smtp_in permit tcp any host 192.10.10.196 eq smtp access-group smtp_in in interface outside no fixup protocol smtp 25 You would probably be better off using Conduits to do the port forwarding instead of the ACL's. -Original Message- From: Chris Bodnar [mailto:[EMAIL PROTECTED]] Sent: Tue 7/23/2002 12:37 PM To: MS-Exchange Admin Issues Cc: Subject: RE: Exchange behind PIX config Thanks for the reply. The Global command is where I am getting confused. It was my understanding that I need it, and it couldn't be the IP address of the Outside interface. Is that correct? If it can be would this work: global (outside) 1 192.10.10.195 static (inside,outside) 192.10.10.195 10.16.0.2 access-list smtp_in permit tcp any host 192.10.10.195 eq smtp access-group smtp_in in interface outside no fixup protocol smtp 25 Thanks chris List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm .+- @A䳫aⰰ0z[lpjoZ \ࠅzm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm