smtp server using global IP

Discussion in 'Cisco' started by admin too, Sep 28, 2004.

  1. admin too

    admin too Guest

    Problem:

    New incoming-only smtp gateway was installed by simply changing static
    mapping to go to the smtp gateway and everything works fine except the mail
    server is now using the Global outside address so it's failing reverse
    lookup for outgoing mail (some spam filters are complaining). Configuration
    is complicated by webserver on DMZ which needs to smtp to mail server on
    inside, too. Do I assign an extra static such as 111.122.116.6 for outbound
    and change mail.abc.com at ISP's DNS? When I added this address it broke
    the outgoing mail, I guess because of conflict with static mapping for
    webserver.
    Thanks for your help.



    111.122.116.4 mail.abc.com, MX (inside smtp gateway is 10.1.1.25)

    111.122.116.5 www.abc.com (dmz webserver 192.168.25.11 10.1.1.103
    server via 192.168.54.253)

    10.1.1.103 exchange server (currently appears as global outside IP which
    fails reverse lookup. I have 111.122.116.6 address available I could assign)


    config

    access-list inside_in permit tcp host 10.1.1.103 any eq smtp
    access-list outside_in permit tcp any host 111.122.116.5 eq smtp
    access-list dmz_access_in permit udp any any eq domain
    access-list dmz_access_in permit tcp host 192.168.54.11 host 192.168.54.253 eq smtp
    ip address outside 111.122.116.2 255.255.255.224
    ip address inside 10.1.1.10 255.255.0.0
    ip address dmz 192.168.54.1 255.255.255.0
    global (outside) 1 111.122.116.30
    global (dmz) 1 192.168.54.250
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    nat (dmz) 0 access-list dmz_nonat
    nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 111.122.116.5 10.1.1.25 netmask 255.255.255.255 0 0
    static (inside,dmz) 192.168.54.253 10.1.1.103 netmask 255.255.255.255 0 0
    static (dmz,outside) 111.122.116.4 192.168.54.11 netmask 255.255.255.255 0 0
    access-group outside_in in interface outside
    access-group inside_in in interface inside
    access-group dmz_access_in in interface dmz
    route outside 0.0.0.0 0.0.0.0 111.122.116.3
     
    admin too, Sep 28, 2004
    #1
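
Added example, not part of the thread: a Python check that reads the NAT lines from the first post and reports which address a host's traffic carries on the destination interface, which for outbound mail is the address whose reverse DNS receiving servers check. It assumes a matching static takes precedence over nat/global and that each global is a single address as in the post; the name egress_address is illustrative.

```python
import ipaddress
import re

# NAT-relevant lines copied from the first post's configuration.
PIX_CONFIG = """\
global (outside) 1 111.122.116.30
global (dmz) 1 192.168.54.250
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 111.122.116.5 10.1.1.25 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.54.253 10.1.1.103 netmask 255.255.255.255 0 0
static (dmz,outside) 111.122.116.4 192.168.54.11 netmask 255.255.255.255 0 0
"""

STATIC = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
NAT = re.compile(r"nat \((\w+)\) (\d+) ([\d.]+) ([\d.]+)")
GLOBAL = re.compile(r"global \((\w+)\) (\d+) ([\d.]+)")


def egress_address(config, host, src_if="inside", dst_if="outside"):
    """Return (address seen on dst_if, rule kind) for traffic sourced from host."""
    ip = ipaddress.ip_address(host)
    lines = [line.strip() for line in config.splitlines()]
    # 1. A static for this interface pair takes precedence over nat/global.
    for m in filter(None, map(STATIC.match, lines)):
        local = ipaddress.ip_network(f"{m[4]}/{m[5]}")
        if (m[1], m[2]) == (src_if, dst_if) and ip in local:
            offset = int(ip) - int(local.network_address)
            return str(ipaddress.ip_address(m[3]) + offset), "static"
    # 2. Otherwise the nat id on src_if selects the global entry on dst_if.
    pools = {m[2]: m[3] for m in filter(None, map(GLOBAL.match, lines))
             if m[1] == dst_if}
    for m in filter(None, map(NAT.match, lines)):
        if m[1] == src_if and m[2] != "0" and m[2] in pools:
            if ip in ipaddress.ip_network(f"{m[3]}/{m[4]}"):
                return pools[m[2]], "dynamic"
    return None, "untranslated"


if __name__ == "__main__":
    for host in ("10.1.1.25", "10.1.1.103"):
        print(host, "->", egress_address(PIX_CONFIG, host))
```
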

  2. admin too

    none Guest

    <snip>

    If your webserver is sendmail and the SMTP gateway is sendmail you can set up
    a mailertable on the webserver so it can talk to the SMTP gateway using the
    local IP address rather than trying to go out and come back in on the same
    interface (which PIX can't do anyway).
     
    none, Sep 30, 2004
    #2