Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SMTP static routing question

Status
Not open for further replies.
jmconsulting

jmconsulting

MIS
May 11, 2005
103
US
I am attempting to set up an smtp server behind the 515e on a dmz. I have the dns records (external) pointing to a public IP address. The MX and A records appear to be correct.

The question is when i attempt to trace the public IP address, the trace stops at the last hop before the 515e firewall. I have checked with the T1 provider and IP's x.10 thru x.14 are available. x.10 is the firewall outside interface, x.11 is a static mapping to an internal smtp server.

Is there something that I need to insert in order to be able to get to the exchange box? I have the necessary smtp access list point to the x.11 address, established the dmz, created the static mapping and applied it to the outside interface. Am I missing something?????

Thanks in advance for any info available
 
Sort by date Sort by votes
Maybe because your config doesn't allow it.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
icmp *to* the pix is controlled with the 'icmp' key word. So, if you want to allow icmp echo-request (for ping and traceroute') then you can add the command,

icmp permit any echo outside

Ideally you don't want to allow icmp to your firewall from anywhere so I usually limit it to certain management IP addresses.

icmp permit host <mgmt_IP> outside

To test this I've just done a traceroute to a pix that I manage. With the above icmp command I could trace all the way to the pix. When I removed that line the trace stopped at the router in front of the pix.

Chris.



**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
Chris,

I added the line for the icmp echo but still i do not get any reply from the x.11 ip address.

Is there something else that i need to address?
 
Upvote 0 Downvote
Maybe the router is filtering icmp?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
If you are refering to the T1 router, I can ping and trace to the IP address of the pix, I just can't see the exchange server on the back side, even with the static map.

Am I missing something?
 
Upvote 0 Downvote
Add an access-list entry to allow icmp to the global IP address of that box.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
748
intel233
intel233
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
672
intel233
intel233
Modem80
  • Locked
  • Question
Novice SonicOS user, need routing help
Replies
2
Views
175
Modem80
Modem80
NoCoolHandle
  • Locked
  • Question
TLS 1.0 vrs TLS 1.1 vrs 1.2 connection strategy question
Replies
1
Views
144
ChrisHirst
ChrisHirst
RMurr34
  • Locked
  • Question
No Internet Access if no static map
Replies
0
Views
116
RMurr34
RMurr34

Part and Inventory Search

Sponsor

Back
Top