Not able to send mails through pix 506e

Discussion in 'Cisco' started by hemanttandel@gmail.com, Mar 13, 2007.

  1. Guest

    Hi
    I have a PIX 506E firewall, a D-Link ADSL DSL-502T and my IBM xSeries 236
    server.
    I have a fixed static live IP, 59.181.103.220, which I got from my ISP.
    loyalindia.co.in is my domain.
    The MX record for it is mail.loyalindia.co.in, which points to
    59.181.103.220.

    My problem is that I am not able to send mails (with my mail server,
    Exchange server, loyalindia.co.in) through the PIX 506E, but I am receiving
    mails from any server.

    I have tried with (ADSL) NATting and without NATting, but the problem
    is the same.
    If I remove the PIX 506E and connect the server directly to the
    ADSL, I am able to receive and send mails properly.


    My network design is as follows:
    ADSL (WAN) 59.181.103.220
    ADSL (LAN) 59.181.103.221
    PIX 506E (out) 59.181.103.222
    PIX 506E (in) 192.168.1.1
    My domain mail server loyalindia.co.in (Exchange server) IP
    192.168.1.2

    My config is as follows:
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password oH2xz4N6pxtBHe8N encrypted
    passwd.2KYencrypted
    hostname loyal
    domain-name loyalfire.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 59.181.103.221 adsl
    name 192.168.1.2 mail
    access-list smtp_in permit tcp any interface outside eq smtp
    access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
    access-list out_in permit tcp any interface outside eq smtp
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 59.181.103.222 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location mail 255.255.255.255 inside
    pdm location adsl 255.255.255.255 outside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0

    access-group out_in in interface outside
    route outside 0.0.0.0 0.0.0.0 adsl 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http mail 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
    Cryptochecksum:496f7c38801fe5cffecbc0ba6381a49d
    : end
    loyal(config)# exit
    loyal# exit

    Logoff

    Type help or '?' for a list of available commands.
    loyal> en
    Password: *****
    loyal# config t
    loyal(config)# logging on
    loyal(config)# logging timestamp
    loyal(config)# logging monitor warnings
    loyal(config)# logging buffered warnings
    loyal(config)# logging trap warnings
    loyal(config)# sh run
    : Saved
    :
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password oH2xz4N6pxtBHe8N encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname loyal
    domain-name loyalfire.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 59.181.103.221 adsl
    name 192.168.1.2 mail
    access-list smtp_in permit tcp any interface outside eq smtp
    access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
    access-list out_in permit tcp any interface outside eq smtp
    pager lines 24
    logging on
    logging timestamp
    logging monitor warnings
    logging buffered warnings
    logging trap warnings
    mtu outside 1500
    mtu inside 1500
    ip address outside 59.181.103.222 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location mail 255.255.255.255 inside
    pdm location adsl 255.255.255.255 outside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0
    access-group out_in in interface outside
    route outside 0.0.0.0 0.0.0.0 adsl 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http mail 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
    Cryptochecksum:496f7c38801fe5cffecbc0ba6381a49d
    : end

    Is there anybody who can support me?
     
    , Mar 13, 2007
    #1

  2. Smokey Guest

    wrote:
    > Hi
    > I have pix 506e firewall, D-link ADSL dsl-502t and my IBM xseries 236
    > server.
    > I have fix static live ip 59.181.103.220 which i have got from ISP.
    > loyalindia.co.in is my domain,
    > The MX record for it is mail.loyalindia.co.in which points to
    > 59.181.103.220
    >


    This is the problem here: you say that the MX/A record for your mail
    server points to 59.181.103.220, but your NAT statement on the PIX is for
    59.181.103.222, on which the SMTP port is reachable from the internet.

    I would suggest changing the A record for your mail server to
    59.181.103.222 instead of 59.181.103.220, as .220 is the interface of
    your ADSL router, not the PIX.
     
    Smokey, Mar 13, 2007
    #2
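
The mismatch described in the reply above can be checked mechanically. This is an added example, not part of the thread: a Python check that compares the address DNS publishes with the address the PIX 6.3 config actually translates for SMTP, and confirms the ACL permitting it is the one bound to the outside interface. The function name `audit_smtp_publish` and the trimmed `SAMPLE_CONFIG` are constructed for illustration.

```python
import re

# Constructed excerpt: only the lines of the posted config that affect SMTP publishing.
SAMPLE_CONFIG = """\
name 59.181.103.221 adsl
name 192.168.1.2 mail
access-list smtp_in permit tcp any interface outside eq smtp
access-list smtp_in permit tcp any host 59.181.103.222 eq smtp
access-list out_in permit tcp any interface outside eq smtp
ip address outside 59.181.103.222 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) tcp interface smtp mail smtp netmask 255.255.255.255 0 0
access-group out_in in interface outside
"""

def audit_smtp_publish(config, published_ip):
    """Return findings about how SMTP is published versus what DNS advertises."""
    names = {n: ip for ip, n in re.findall(r"^name (\S+) (\S+)$", config, re.M)}
    outside_ip = re.search(r"^ip address outside (\S+)", config, re.M).group(1)
    resolve = lambda tok: outside_ip if tok == "interface" else names.get(tok, tok)
    findings = []
    # Static PAT syntax: static (inside,outside) tcp <global> smtp <local> smtp ...
    m = re.search(r"^static \(inside,outside\) tcp (\S+) smtp (\S+) smtp", config, re.M)
    if not m:
        return ["no static PAT for smtp on the outside interface"]
    global_ip, local_ip = resolve(m.group(1)), resolve(m.group(2))
    if published_ip != global_ip:
        findings.append(f"DNS publishes {published_ip} but smtp is translated on "
                        f"{global_ip} -> {local_ip}")
    # Only the ACL named by access-group is evaluated on the outside interface.
    bound = set(re.findall(r"^access-group (\S+) in interface outside", config, re.M))
    acls = {}
    for acl, host in re.findall(
            r"^access-list (\S+) permit tcp any (?:interface outside|host (\S+)) eq smtp",
            config, re.M):
        acls.setdefault(acl, set()).add(resolve(host) if host else outside_ip)
    if not any(global_ip in acls.get(a, ()) for a in bound):
        findings.append(f"no bound ACL permits smtp to {global_ip}")
    for acl in sorted(set(acls) - bound):
        findings.append(f"access-list {acl} is defined but not bound to the outside interface")
    return findings
```

Calling `audit_smtp_publish(SAMPLE_CONFIG, "59.181.103.220")` reports the DNS/NAT mismatch and also flags `smtp_in`, which the posted config defines but never applies with `access-group`.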