Do you have a static mapping for that device and does your Access-list point to the outside IP of that static?
DNS should not stop you from receiving the mails. It helps when you want to send, but you could point the DNS to another inside machine and handle it that way. At 07:50 11/29/01, you wrote: >hi >i have a cisco pix firewall >and i only have a mail server(MS exchange) on nt server >and alot of workstations on nt workstation >i made a nating for the pcs to work in virtual ips >and only the mail server take a real ip(the traffic came to real and the >firewall pass it to the virtual) >and i only want the out side traffic came to mail ports only >so i opened the 25 tcp port and close any comming other ports >but the servr stop to recieve mails >wahen i allow all traffic on except icmp it works >is there any other ports should be open to allow the mail server to = >recieve mails
