firstdan13
Technical User
Hi,
I have a problem with my firewall setup. I need urgent assistance. I have set up a PIX 506E and set up a VPN. Everything works fine but I can't send or receive email through my Exchange server. I receive email internally but cannot send or receive externally.
I noted that as soon as I put in a command
static (inside,outside) email_outside_address email_inside_address netmask 255.255.255.255
on the email server I lose Internet connectivity.
This is the configuration:
interface ethernet0 100full
interface ethernet1 100full
ip address inside 192.168.10.1 255.255.255.0
ip address outside XXX.XX.XXX.90 255.255.255.240
nat (inside) 1 0 0
global (outside) 1 xxx.xx.xxx.86
static (inside,outside) xxx.xx.xxx.82 192.168.10.14 netmask 255.255.255.255
route outside 0.0.0.0 0.0.0.0 xxx.xx.xxx.81 1
access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any host xxx.xx.xxx.82 eq www
access-list outside_access_in permit tcp any host xxx.xx.xxx.82 eq smtp
access-group outside_access_in in interface outside
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp enable outside
isakmp nat-traversal 10
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 authentication pre-share
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
access-list 101 permit ip 192.168.10.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 100 permit ip 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 100 permit tcp 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0 eq telnet
access-list 100 permit tcp 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0 eq http
nat (inside) 0 access-list 101
crypto ipsec transform-set mytransform esp-des esp-md5-hmac
crypto dynamic-map dynamap 10 set transform-set mytransform
crypto map partner-map 10 ipsec-isakmp dynamic dynamap
crypto map partner-map client authentication LOCAL
crypto map partner-map interface outside
ip local pool ippool 10.0.0.1-10.0.0.254
vpngroup vpn address-pool ippool
vpngroup vpn dns-server 192.168.10.10 192.168.10.11
vpngroup vpn default-domain example.com
vpngroup vpn password ********
vpngroup vpn split-tunnel 101
vpngroup vpn idle-time 1800
username vpnusers password ****** encrypted
sysopt connection permit-ipsec
Thanks