Routerman, one more question 1

[rkmorrow]

Thanks for all of your help on these questions, but I have one more.

All I need is a conduit for the connection to the inside interface from the DMZ?

This is where i am getting confused a little, if the mail relay server is say 192.168.0.1 and the inside interface is 192.168.1.1 don't i need to have a "static" command to make the connection just like the below static to point the outside interface to the DMZ?

static (dmz1,outside) 93.15.91.103 192.168.0.1 netmask 255.255.255.255 0 0

conduit permit tcp host 93.15.91.103 eq smtp any
conduit permit tcp host 192.168.0.1 eq smtp host 192.168.1.1

It seems as though I am making the connection to the DMZ relay (virtual mail server) but not to the actual exchange server on the inside interface. I cannot telnet into the exchange server on the inside interface fron the DMZ an I should be able to making me thing there is something wrong with my PIX rules to make the connection.

Thanks for any help,

rkmorrow

 

[routerman]

Hi, just had a couple of days off so only picked this up today.

You need another static statement, from DMZ to inside. This is in addition to the DMZ, Outside you already have.

You will also need to provide the additional conduit as well. You should end up with something like this

static (dmz1, outside)93.15.91.103 192.168.0.1 netmask 255.255.255.255 0 0
static (inside,dmz1) 192.168.0.1 192.168.1.1 netmask 255.255.255.255 0 0

conduit permit tcp host 93.15.91.103 eq smtp any
conduit permit tcp host 192.168.0.1 eq smtp host 192.168.1.1

You should then be able to telnet from the dmz1 mail host (192.168.0.1) to the inside host (192.168.1.1) on port 25.

Hope that sorts your problem.