Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Enabling DES for PDM 1

Status
Not open for further replies.
dougnc

dougnc

Programmer
Sep 2, 2001
62
US
I'm trying to run PDM on a 2000 server. The docs at cisco say I have to have DES or 3DES enabled. It's not. How do I do this?

I'm just trying to get my mail server accessed from the outside. I was hoping an automated tool could help here.

Any help would be greatly appreciated.

Doug
 
Sort by date Sort by votes
HI!

See my post about PIXCRIPT - it is designed for your kind of needs.

Here is a sample (fiction) configuration for you:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 55.55.55.1 255.255.255.0
ip address inside 10.0.0.254 255.255.255.0
route outside 0.0.0.0 0.0.0.0 0.0.0.0

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 55.55.55.2 10.0.0.2
access-list 101 permit tcp any host 55.55.55.2 eq smtp
access-group 101 in interface outside


Here is the same config for PIX ver 5.2 and older which does not support access-list commands:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 55.55.55.1 255.255.255.0
ip address inside 10.0.0.254 255.255.255.0
route outside 0.0.0.0 0.0.0.0 0.0.0.0

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 55.55.55.2 10.0.0.2
conduit permit tcp host 55.55.55.2 eq smtp any


Bye
Yizhar
Yizhar Hurwitz
 
Upvote 0 Downvote
Yizhar's got it. The 3 main statements you need are these:

static (inside,outside) 55.55.55.2 10.0.0.2
access-list 101 permit tcp any host 55.55.55.2 eq smtp
access-group 101 in interface outside

Where 55.55.55.2 is the IP address that the world uses to hit your mail server and 10.0.0.2 is the internal IP address of the mail server.

Bluecrack
 
Upvote 0 Downvote
HI again.

Please note that you should use different IP addresses for the PIX outside interface, and for the external (known by the internet) IP of your mail server.

If you try to use same IP for both, I don't know if it'll work.

Also one important thing with mail servers is that the you must register the correct IP with your ISP DNS servers using MX record. Contact your ISP for that.
If you already have a registered MX record, try to use that IP for the mail server (in the STATIC and CONDUIT/ACCESS-LIST statements) and give the PIX a different external IP on the outside interface - another IP from the "real" IP addresses you got from the ISP.

I'll add another post here about using single IP with PIX since I'm not sure about that.

Bye
Yizhar
Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
307
Johnkite
Johnkite
Shmid
  • Locked
  • Question
Hi We´re thinking of enabling Ac
Replies
0
Views
212
Shmid
Shmid
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
258
XLNTech1
XLNTech1
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
368
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
89
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top