You need the conduit statement to point to the OUTSIDE Translated Address i.e.,:
conduit permit tcp host <OUTSIDE TRANSLATED ADDRESS> eq smtp any
Also: Make sure you have an MX (Mail eXchange) record for the mail servers OUTSIDE
TRANSLATED ADDRESS.
cheers..
Marc..
>>> "Alessandra Moura" <[EMAIL PROTECTED]> 02/23/00 09:13AM >>>
Try this:
conduit permit tcp host <valid IP> eq smtp any
23/02/2000 09:58
"Ameet Chaubal" <[EMAIL PROTECTED]>
From:
On:
To: [EMAIL PROTECTED]
cc: (bcc: Alessandra Moura/RIO/ANP)
Subject: PIX stat translation not working
Hi all
I am a bit new to pix firewall . The version we have is 4.2
It is a fairly simple setup without dmz.
we have a pool of global ip addersses and just one entry for static NAT.
I have conduit permit icmp any any command in it.
I also have the conduit permit for the static address at port 25 for smtp.
The machines inside can go out thr' dynamic NAT fine. I can even ping them
from outside.
But the problem is for the static translated machine.
This machine can go out and ping anybody on the internet.
But nobody outside seems to be able to see it or ping it. Even telnet at 25
does not work.
I checked everything that I could; there are no outbound access lists.
Does fixup have anything to do with this.?
Could anybody please suggest something?
Thanks a lot
ameet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
