Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Static Routing Question

Status
Not open for further replies.
tberte

tberte

MIS
May 17, 2002
62
US
Yesterday, I was working a Cisco PIX firewall for a client. I was attempting to open the POP3 port. I was unable to do so.(Another Question for another time).

Now we have another problem. We have two different servers here. One being 'Mail Marshall', their Spam Filter 192.168.1.19 and one being their Exchange 192.168.1.11. The SMTP port on the PIX is setup as follows:

static (inside,outside) tcp x.x.x.131 smtp 192.168.1.19 smtp netmask 255.255.255.255

We have no access-lists setup. Now, all e-mail is going directly to their exchange server, it's not going through 192.168.1.19.

The only static routes I have setup for 1.11 are:

static (inside,outside) tcp x.x.x.131 255.255.255.255

and

static (inside,outside) tcp x.x.x.131 45444 192.168.1.11 45444 netmask 255.255.255.255
------------------------
Where else am I missing something? Why isn't my e-mail going to 192.168.1.19 now? Is there another place to see routing?
 
Sort by date Sort by votes
Can you post a full scrubbed config of the PIX??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
I can't unfortunately. I am not on location, and I didn't have TFTP loaded to get the config uploaded. I got the routing working again. It turned out that I needed to do a clear xlate.

Now, I need to get POP3 working. I have the proper static route in place, like above, but when I telnet in to port 110, I just get a blank page. No repsonse at all. POP3 services ARE enabled on the server too. We tested it internally, and all was well.

Creating a

'static (inside,outside) tcp x.x.x.131 pop3 192.168.1.11 pop3 netmask 255.255.255.255 0 0'

should do the trick, correct? or do I need to do more then that?
 
Upvote 0 Downvote
Anybody else have any suggestions for this? It's really got me baffled.
 
Upvote 0 Downvote
Did you create the corresponding ACE in the ACL to allow incoming POP3 traffic??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Do I have to create the Access List? All the rest of the ports that are open such as 3389 for remote desktop work with just a static route created.

Why can't I just create:

static (inside,outside) tcp x.x.x.131 pop3 192.168.1.11 pop3 netmask 255.255.255.255
 
Upvote 0 Downvote
I have to ask, how can that be possible?? Lower security interfaces cannot access higher security interfaces without the use of an access list. Are you 100% sure that there are not ACL's created on this device?? I'm very eager to see this configuration.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
309
intel233
intel233
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
280
intel233
intel233
Modem80
  • Locked
  • Question
Novice SonicOS user, need routing help
Replies
2
Views
100
Modem80
Modem80
NoCoolHandle
  • Locked
  • Question
TLS 1.0 vrs TLS 1.1 vrs 1.2 connection strategy question
Replies
1
Views
76
ChrisHirst
ChrisHirst
RMurr34
  • Locked
  • Question
No Internet Access if no static map
Replies
0
Views
48
RMurr34
RMurr34

Part and Inventory Search

Sponsor

Back
Top