
hemanttandel@gmail.com 03-13-2007 01:40 PM

not able to receive mail through pix 506e firewall
 
Hi
I have a PIX 506e firewall, a D-Link ADSL DSL-502T and my IBM xSeries 236
server.
I have a fixed static live IP 59.181.103.220 which I have got from the ISP.
loyalindia.co.in is my domain.
The MX record for it is mail.loyalindia.co.in, which points to
59.181.103.220

My problem is I am not able to send mails (with my mail server,
Exchange server, loyalindia.co.in) through the PIX 506e, but I am receiving
mails from any server.

I have tried with (ADSL) NATting and without NATting but the problem
is the same.
If I remove the PIX 506e and connect the server directly to the
ADSL, I am able to receive and send mails properly.


My network design is as follows:
ADSL (WAN) 59.181.103.220
ADSL (LAN) 59.181.103.221
PIX 506e (out) 59.181.103.222
PIX 506e (in) 192.168.1.1
My domain mail server loyalindia.co.in (Exchange server) IP
192.168.1.2

My config is as follows:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password oH2xz4N6pxtBHe8N encrypted
passwd.2KYencrypted
hostname loyal
domain-name loyalfire.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 59.181.103.221 adsl
name 192.168.1.2 mail
access-list smtp_in permit tcp any interface outside eq smtp
access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
access-list out_in permit tcp any interface outside eq smtp
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 59.181.103.222 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location mail 255.255.255.255 inside
pdm location adsl 255.255.255.255 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0

access-group out_in in interface outside
route outside 0.0.0.0 0.0.0.0 adsl 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http mail 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:496f7c38801fe5cffecbc0ba6381a49d
: end
Can anyone support me?


Smokey 03-13-2007 01:52 PM

Re: not able to receive mail through pix 506e firewall
 
hemanttandel@gmail.com wrote:
> Hi
> I have pix 506e firewall, D-link ADSL dsl-502t and my IBM xseries 236
> server.
> I have fix static live ip 59.181.103.220 which i have got from ISP.
> loyalindia.co.in is my domain,
> The MX record for it is mail.loyalindia.co.in which points to
> 59.181.103.220
>
> My problem is i am not able to send mails ( with my mail server,
> Exchange server,loyalindia.co.in) through pix 506e but i am receiving
> mails from any server.
>
> I have tried with (ADSL) natting and without natting but the problem
> is same.
> If i am removing the pix 506e and directly connecting the server to
> adsl i am able to receive and send mails properly


Posting the message again is not going to change the answer.

You have stated that your MX/A record for the mail server is .220 but
your PIX config is for .222. Change your A record to reflect .222, not .220.
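
The mismatch pointed out in the reply above, as an added example that is not part of the thread: a Python check that reads the SMTP-relevant lines of the posted PIX 6.3 config and compares the address the MX record points to with the address the static actually publishes. The helper name audit_inbound_smtp and the config excerpt are constructed here, and the check assumes the ADSL router in front does no address translation of its own.

```python
import re

# Constructed excerpt: the SMTP-relevant lines of the PIX 6.3 config posted above.
SAMPLE_CONFIG = """\
name 192.168.1.2 mail
access-list smtp_in permit tcp any interface outside eq smtp
access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
access-list out_in permit tcp any interface outside eq smtp
ip address outside 59.181.103.222 255.255.255.0
static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0
access-group out_in in interface outside
"""

def audit_inbound_smtp(config, mx_ip):
    """Hypothetical helper: list inconsistencies for inbound SMTP to mx_ip."""
    names = {n: ip for ip, n in re.findall(r"^name (\S+) (\S+)$", config, re.M)}
    m = re.search(r"^ip address outside (\S+)", config, re.M)
    outside_ip = m.group(1) if m else None

    def resolve(token):  # "interface" means the outside address; else a name or literal IP
        return outside_ip if token == "interface" else names.get(token, token)

    findings = []
    # Port redirections: static (inside,outside) tcp <global> smtp <local> smtp
    statics = re.findall(
        r"^static \(inside,outside\) tcp (\S+) (?:smtp|25) (\S+) (?:smtp|25)\b", config, re.M)
    published = {resolve(g): resolve(l) for g, l in statics}
    if mx_ip not in published:
        findings.append(f"MX target {mx_ip} is not published; SMTP statics exist for "
                        f"{sorted(published) or 'no address'}")

    # Only an ACL bound with access-group filters traffic arriving on an interface.
    bound = re.findall(r"^access-group (\S+) in interface (\S+)$", config, re.M)
    outside_acls = [acl for acl, ifc in bound if ifc == "outside"]
    permitted = set()
    for acl in outside_acls:
        for dst in re.findall(rf"^access-list {re.escape(acl)} permit tcp any "
                              r"(interface outside|host \S+) eq (?:smtp|25)$", config, re.M):
            permitted.add(outside_ip if dst == "interface outside" else resolve(dst.split()[1]))
    for global_ip in published:
        if global_ip not in permitted:
            findings.append(f"no bound ACL permits SMTP to {global_ip}")
    # ACLs never bound with access-group do not filter interface traffic.
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    for acl in sorted(defined - {a for a, _ in bound}):
        findings.append(f"access-list {acl} is not bound by any access-group")
    return findings

if __name__ == "__main__":
    for line in audit_inbound_smtp(SAMPLE_CONFIG, "59.181.103.220"):  # MX address from the post
        print(line)
```

Run against the MX address from the first post it reports the .220/.222 mismatch, and it also shows that the smtp_in access-list is defined but never applied with access-group.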

hemanttandel@gmail.com 03-14-2007 05:10 AM

Re: not able to receive mail through pix 506e firewall
 
On Mar 13, 6:52 pm, Smokey <smo...@aol.com> wrote:
> hemanttan...@gmail.com wrote:
> > Hi
> > I have pix 506e firewall, D-link ADSL dsl-502t and my IBM xseries 236
> > server.
> > I have fix static live ip 59.181.103.220 which i have got from ISP.
> > loyalindia.co.in is my domain,
> > The MX record for it is mail.loyalindia.co.in which points to
> > 59.181.103.220

>
> > My problem is i am not able to send mails ( with my mail server,
> > Exchange server,loyalindia.co.in) through pix 506e but i am receiving
> > mails from any server.

>
> > I have tried with (ADSL) natting and without natting but the problem
> > is same.
> > If i am removing the pix 506e and directly connecting the server to
> > adsl i am able to receive and send mails properly

>
> Posting the message again is not going to change the answer,
>
> You have stated that your MX/A record for the mail server is .220 but
> your PIX config is for .222 change your A record to reflect .222 not .220


Hi
If this IP 59.181.103.222 is not live, will it work?
Because I had already done that but it was not sending and receiving
mails.
The other network design I have made was as follows:
(59.181.111.159 is a new fixed static IP but it is not live)
The MX/A record for it is mail.loyalindia.co.in, which points to
59.181.111.159

ADSL (WAN) 59.181.103.220
ADSL (LAN) 59.181.111.158
PIX 506e (out) 59.181.111.159
PIX 506e (in) 192.168.1.1
My domain mail server loyalindia.co.in (Exchange server) IP
192.168.1.2
This network did not solve my problem.

According to you, my config is OK but I have to change the MX/A record
IP to 59.181.103.222 (PIX out IP) instead of 59.181.103.220 and it
will solve my problem. OK, I will try this. Is there any other way to solve
the problem?
Waiting for the reply.
Bye


