I have our PIX configured to be completely open on all interfaces. (At least that's what I believe.) All traffic works as it should. I have a server that acts as both a web server and an email server in the test environment on the inside subnet (10.0.0.100 Test-Server). The web portion works fine, but I am having trouble with the mail portion. If I telnet to port 25, instead of seeing correct output like:
220 server.domain.com Microsoft ESMTP MAIL Service, version: 5.0.2195.2966 ready at Mon, 6 Oct 2003 13:39:26 -0500
the output I get is:
220 *********************************0*2*00*****************************************200********************0.00
However, when I telnet to it without going through the Pix, the output is as it should be.
Has anyone seen this? I am baffled. I am new to the Pix so it is very possible I am somehow incorrectly configured.
The PIX is configured as follows:
PIX Version 6.2(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10
names
name 10.0.0.100 Test-Server
access-list dmz-in permit icmp any any
access-list dmz-in permit ip any any
access-list inside-in permit icmp any any
access-list inside-in permit ip any any
access-list inside-no-nat permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.240.0.0
access-list dmz-no-nat permit ip 192.168.0.0 255.240.0.0 10.0.0.0 255.0.0.0
access-list out-in permit icmp any any
access-list out-in permit ip any any
ip address outside 222.222.222.222 255.255.255.0
ip address inside 10.0.0.1 255.0.0.0
ip address dmz 192.168.0.1 255.240.0.0
global (outside) 1 222.222.222.254
nat (inside) 0 access-list inside-no-nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 0 access-list dmz-no-nat
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 222.222.222.100 Test-Server netmask 255.255.255.255 0 0
access-group out-in in interface outside
access-group inside-in in interface inside
access-group dmz-in in interface dmz