You will need to set up a static route entry to allow all outside traffic via an outside (global address - legitimate) address seen by the internet to the inside (NAT/PAT) address in addition to your smtp permit entry. Use the following example in PIX configuration mode: static (inside,outside) 65.88.210.244 172.16.12.27 netmask 255.255.255.255 0 0 access-list 100 permit tcp any host 65.88.210.244 eq smtp
The IP address of 172.16.12.27 would be the inside address of your mail server and 65.88.210.244 would be the outside or NAT'd?PAT'd IP address of your mail server. The netmask information is required and the example above shows that this server is statically addressed and routed to your mail server. Don't forget to enable your access list with the access-group command! access-group 100 in interface outside As recommended by someone else - you should develop a webmail server with SSL to be more confident with your security. Once you do this, you will also have to add a static route entry for the webmail server as well as an access list entry. Or hire me since I just got laid-off! :) Good Luck V/r Rob Clark
