Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Static Routing Question

Status
Not open for further replies.

tberte

MIS
May 17, 2002
62
US
Yesterday, I was working a Cisco PIX firewall for a client. I was attempting to open the POP3 port. I was unable to do so.(Another Question for another time).

Now we have another problem. We have two different servers here. One being 'Mail Marshall', their Spam Filter 192.168.1.19 and one being their Exchange 192.168.1.11. The SMTP port on the PIX is setup as follows:

static (inside,outside) tcp x.x.x.131 smtp 192.168.1.19 smtp netmask 255.255.255.255

We have no access-lists setup. Now, all e-mail is going directly to their exchange server, it's not going through 192.168.1.19.

The only static routes I have setup for 1.11 are:

static (inside,outside) tcp x.x.x.131 255.255.255.255

and

static (inside,outside) tcp x.x.x.131 45444 192.168.1.11 45444 netmask 255.255.255.255
------------------------
Where else am I missing something? Why isn't my e-mail going to 192.168.1.19 now? Is there another place to see routing?
 
Can you post a full scrubbed config of the PIX??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
I can't unfortunately. I am not on location, and I didn't have TFTP loaded to get the config uploaded. I got the routing working again. It turned out that I needed to do a clear xlate.

Now, I need to get POP3 working. I have the proper static route in place, like above, but when I telnet in to port 110, I just get a blank page. No repsonse at all. POP3 services ARE enabled on the server too. We tested it internally, and all was well.

Creating a

'static (inside,outside) tcp x.x.x.131 pop3 192.168.1.11 pop3 netmask 255.255.255.255 0 0'

should do the trick, correct? or do I need to do more then that?
 
Anybody else have any suggestions for this? It's really got me baffled.
 
Did you create the corresponding ACE in the ACL to allow incoming POP3 traffic??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Do I have to create the Access List? All the rest of the ports that are open such as 3389 for remote desktop work with just a static route created.

Why can't I just create:

static (inside,outside) tcp x.x.x.131 pop3 192.168.1.11 pop3 netmask 255.255.255.255
 
I have to ask, how can that be possible?? Lower security interfaces cannot access higher security interfaces without the use of an access list. Are you 100% sure that there are not ACL's created on this device?? I'm very eager to see this configuration.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top