Not able to send mails through pix 506e

 
 
hemanttandel@gmail.com
      03-13-2007
Hi
I have a PIX 506e firewall, a D-Link ADSL DSL-502T and my IBM xSeries 236
server.
I have a fixed static live IP 59.181.103.220 which I have got from the ISP.
loyalindia.co.in is my domain.
The MX record for it is mail.loyalindia.co.in, which points to
59.181.103.220

My problem is I am not able to send mails (with my mail server,
Exchange server, loyalindia.co.in) through the PIX 506e, but I am receiving
mails from any server.

I have tried with (ADSL) natting and without natting but the problem
is the same.
If I remove the PIX 506e and connect the server directly to the
ADSL, I am able to receive and send mails properly.


My network design is as follows:-
ADSL (WAN) 59.181.103.220
ADSL (LAN) 59.181.103.221
Pix 506e (out) 59.181.103.222
Pix 506e (in) 192.168.1.1
My domain mail server loyalindia.co.in (Exchange server) IP
192.168.1.2

My config is as follows:-
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password oH2xz4N6pxtBHe8N encrypted
passwd.2KYencrypted
hostname loyal
domain-name loyalfire.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 59.181.103.221 adsl
name 192.168.1.2 mail
access-list smtp_in permit tcp any interface outside eq smtp
access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
access-list out_in permit tcp any interface outside eq smtp
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 59.181.103.222 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location mail 255.255.255.255 inside
pdm location adsl 255.255.255.255 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0

access-group out_in in interface outside
route outside 0.0.0.0 0.0.0.0 adsl 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http mail 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:496f7c38801fe5cffecbc0ba6381a49d
: end
loyal(config)# exit
loyal# exit

Logoff

Type help or '?' for a list of available commands.
loyal> en
Password: *****
loyal# config t
loyal(config)# logging on
loyal(config)# logging timestamp
loyal(config)# logging monitor warnings
loyal(config)# logging buffered warnings
loyal(config)# logging trap warnings
loyal(config)# sh run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password oH2xz4N6pxtBHe8N encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname loyal
domain-name loyalfire.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 59.181.103.221 adsl
name 192.168.1.2 mail
access-list smtp_in permit tcp any interface outside eq smtp
access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
access-list out_in permit tcp any interface outside eq smtp
pager lines 24
logging on
logging timestamp
logging monitor warnings
logging buffered warnings
logging trap warnings
mtu outside 1500
mtu inside 1500
ip address outside 59.181.103.222 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location mail 255.255.255.255 inside
pdm location adsl 255.255.255.255 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0
access-group out_in in interface outside
route outside 0.0.0.0 0.0.0.0 adsl 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http mail 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:496f7c38801fe5cffecbc0ba6381a49d
: end

Anybody who can support me?

 
Smokey
      03-13-2007
(E-Mail Removed) wrote:
> Hi
> I have a PIX 506e firewall, a D-Link ADSL DSL-502T and my IBM xSeries 236
> server.
> I have a fixed static live IP 59.181.103.220 which I have got from the ISP.
> loyalindia.co.in is my domain.
> The MX record for it is mail.loyalindia.co.in, which points to
> 59.181.103.220
>


This is the problem here: you say that your MX/A record for your mail
server points to 59.181.103.220, but your NAT statement on the PIX is for
59.181.103.222, on which the SMTP port is reachable from the internet.

I would suggest changing your A record for your mail server to
59.181.103.222 instead of 59.181.103.220, as .220 is the interface of
your ADSL router, not the PIX.
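
The comparison made in the reply above, as an added example that is not part of the thread: it parses the relevant lines of the posted config, resolves the `names` aliases and the `interface` keyword in the static PAT, and checks whether the address SMTP is published on matches the address the MX host resolves to. The helper name `audit_published_service` and its result fields are assumptions of this example; it also lists ACLs that are defined but never bound with `access-group`.

```python
import re

# Subset of the configuration posted in the thread (wrapped lines joined).
PIX_CONFIG = """\
name 59.181.103.221 adsl
name 192.168.1.2 mail
access-list smtp_in permit tcp any interface outside eq smtp
access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
access-list out_in permit tcp any interface outside eq smtp
ip address outside 59.181.103.222 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0
access-group out_in in interface outside
"""

def audit_published_service(config, port, dns_ip):
    """Hypothetical helper: find the static PAT for `port`, compare with dns_ip."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    # First pass: the tables the static line refers to.
    names = {t[2]: t[1] for t in lines if t[0] == "name"}
    ifaces = {t[2]: t[3] for t in lines if t[:2] == ["ip", "address"]}
    defined = {t[1] for t in lines if t[0] == "access-list"}
    bound = {t[1] for t in lines if t[0] == "access-group"}
    result = {"published_ip": None, "real_ip": None, "dns_matches": False,
              "unbound_acls": sorted(defined - bound)}
    # Second pass:
    # static (real_if,mapped_if) tcp <mapped_ip|interface> <port> <real_ip> <port>
    for t in lines:
        if t[0] != "static" or len(t) < 7 or t[2] != "tcp" or t[4] != port:
            continue
        mapped_if = re.match(r"\((\w+),(\w+)\)", t[1]).group(2)
        # "interface" means the mapped interface's own address is used.
        if t[3] == "interface":
            mapped = ifaces.get(mapped_if)
        else:
            mapped = names.get(t[3], t[3])
        result["published_ip"] = mapped
        result["real_ip"] = names.get(t[5], t[5])
        result["dns_matches"] = (mapped == dns_ip)
    return result

if __name__ == "__main__":
    # 59.181.103.220 is the address the poster says the MX host points to.
    print(audit_published_service(PIX_CONFIG, "smtp", "59.181.103.220"))
```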
 