Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cant send or receive email???

Status
Not open for further replies.
firstdan13

firstdan13

Technical User
Dec 18, 2004
7
0
0
US
Hi,

I have a problem with my firewall setup. I need urgent assistance. I have setup a PIX 506E and setup a VPN. Everything works fine but I cant send or receive email through my Exchange server. I receive email internally but cannot send or receive externally.
I noted that as soon as I put in a command
static (inside,outside) email_outside_address email_inside_address netmask 255.255.255.255

on the email server I lose Internet connectivity.

This is the configuration

interface ethernet0 100full
interface ethernet1 100full

ip address inside 192.168.10.1 255.255.255.0
ip address outside XXX.XX.XXX.90 255.255.255.240

nat (inside) 1 0 0
global (outside) 1 xxx.xx.xxx.86

static (inside,outside) xxx.xx.xxx.82 192.168.10.14 netmask 255.255.255.255

route outside 0.0.0.0 0.0.0.0 xxx.xx.xxx.81 1

access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any host xxx.xx.xxx.82 eq www
access-list outside_access_in permit tcp any host xxx.xx.xxx.82 eq smtp
access-group outside_access_in in interface outside

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable

isakmp enable outside
isakmp nat-traversal 10
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 authentication pre-share
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

access-list 101 permit ip 192.168.10.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list 100 permit ip 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 100 permit tcp 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0 eq telnet
access-list 100 permit tcp 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0 eq http

nat (inside) 0 access-list 101

crypto ipsec transform-set mytransform esp-des esp-md5-hmac

crypto dynamic-map dynamap 10 set transform-set mytransform

crypto map partner-map 10 ipsec-isakmp dynamic dynamap


crypto map partner-map client authentication LOCAL


crypto map partner-map interface outside


ip local pool ippool 10.0.0.1-10.0.0.254

vpngroup vpn address-pool ippool
vpngroup vpn dns-server 192.168.10.10 192.168.10.11
vpngroup vpn default-domain example.com
vpngroup vpn password ********
vpngroup vpn split-tunnel 101
vpngroup vpn idle-time 1800

username vpnusers password ****** encrypted

sysopt connection permit-ipsec


Thanks









 
Status
Not open for further replies.

Similar threads

jeepxo
  • Locked
  • Question
Sending data across 2 VPNS 1
Replies
4
Views
89
jeepxo
jeepxo
thopee133
  • Locked
  • Question
received ipsec delete request
Replies
2
Views
248
thopee133
thopee133
GS2011
  • Locked
  • Question
VPN PPTP [Server 2008 -> Windows 7] Cant access network
Replies
3
Views
96
muckermucker
muckermucker
jmkelly
  • Locked
  • Question
Which firewall: Cisco ASA or WatchGuard?
Replies
1
Views
57
unclerico
unclerico
1DMF
  • Locked
  • Question
HOST or LMHOST? 2
Replies
3
Views
51
1DMF
1DMF

Part and Inventory Search

Sponsor

Back
Top