Petri.com forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Networking > Cisco Security PIX/ASA/VPN
Petri.com is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

Pix 515e Not able to recieve emai with Exchange

Pix 515e Not able to recieve emai with Exchange

this thread has 2 replies and has been viewed 1116 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 16th May 2012, 04:23
Jonathan.Wood Jonathan.Wood is offline
Casual
Casual
 
 Join Date: May 2012
  6 month star 12 month star
 Posts: 1
 Reputation: Jonathan.Wood is on a distinguished road (10)
Default Pix 515e Not able to recieve emai with Exchange

I have done all the troubleshooting I can think of. My ISP and my domain MX records have been confirmed to be correct. The last problem I can think of, is that my PIX is blocking the traffic. Can you verify my config is correct please?

PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name home.jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted
names
name 192.168.2.22 exchange
!
interface Ethernet0
nameif outside
security-level 0
ip address xxx.xxx.118.208 255.255.255.224
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
!
interface Ethernet2
shutdown
nameif exchange
security-level 100
ip address 10.0.30.1 255.255.255.248
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 68.105.28.16
name-server 68.105.29.16
domain-name home.jkkcc.com
access-list smtp_in extended permit tcp any host xxx.xxx.118.208 eq smtp
pager lines 24
mtu outside 1500
mtu inside 1500
mtu exchange 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image flash:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp exchange smtp netmask 255.255.255.255
!
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 24.234.118.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:0a435a79db9212e8f8c23a3b60f77a23
: end

Here is my network layout

Cable modem --->Pix ------> Cisco 3745 -----> Switch ------>Exhcnage Server
  #2  
Old 16th May 2012, 08:25
tehcamel's Avatar
tehcamel tehcamel is offline
Moderator
 
 Join Date: Mar 2009
  6 month star 12 month star
 Location: Melbourne
 Posts: 5,670
  Send a message via Skype™ to tehcamel
 Reputation: tehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to beholdtehcamel is a splendid one to behold (727)
Default Re: Pix 515e Not able to recieve emai with Exchange

maybe not this
but you've got a Shutdown command on your exchange interface..

Quote:
interface Ethernet2
shutdown
nameif exchange
security-level 100
ip address 10.0.30.1 255.255.255.248
plus.. higher up, you've got name exchange 192.168.2.22 (or soemthing?) maybe it's confused and routing the traffic to the wrong place.

also, what's your network numbering like? what's the IP address of the exchange server?
have you tried telnetting to the interface from outside?
__________________

Melbourne IT Support


Please do show your appreciation to those who assist you by leaving Rep Point
  #3  
Old 16th May 2012, 15:52
auglan's Avatar
auglan auglan is offline
Moderator
 
 Join Date: Apr 2010
  6 month star 12 month star
 Location: Raleigh, NC
 Posts: 1,214
 Reputation: auglan has a spectacular aura aboutauglan has a spectacular aura aboutauglan has a spectacular aura about (219)
Default Re: Pix 515e Not able to recieve emai with Exchange

access-group smtp_in in interface outside


Have you checked the logs on the pix? Should be easy to see if inbound smtp traffic is being blocked.
__________________
CCNA, CCNA-Security, CCNP
CCIE Security (In Progress)

Last edited by auglan; 16th May 2012 at 15:59..
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
help with exchange server 2003 send/recieve external email abdu_mka Exchange 2000 / 2003 3 28th April 2009 01:24
MS Exchange 2007 Send and Recieve to and from External Mail Servers (or domains) rmostafa Exchange 2007 / 2010 / 2013 1 24th March 2009 12:09
Exchange 2003 deactivated user recieve mail chewbakka Exchange 2000 / 2003 0 2nd December 2008 18:57
Exchange 2003 - Can recieve but sent emails are delayed markuk3 Exchange 2000 / 2003 5 4th July 2007 03:00
Limit send/recieve between two Exchange servers? rcobb52 Exchange 2000 / 2003 8 29th March 2007 17:52


All times are GMT +3. The time now is 11:11.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri