PIX / SMTP question - Help?

Posted by Dblood on January 5, 2006, 10:00 am
I recently installed a PIX 506 on our network. Previously had a 3620
+FW IOS doing the firewalling.

Network: Two companies share the same internet conn., but with two
different domains - two DC's and multiple clients on each domain. Both
servers are SBS and act as mail servers (Exchange) for their respective
domains.

I am currently sending and receiving email on both domains from all
outside domains, and each sends inside emails fine (client to client
within the domain). The problem I have is that I routinely need to
forward mail from one of our domains to the other. Since the addition
of the PIX I can't do this.

So to beat this dead horse: Company A and Company B use the same
firewall. Company A and Company B can both send and receive email from
every domain except Company B (for A) and Company A (for B), and it
all started with the addition of the PIX.

Any ideas?

Thanks,

Danny


Posted by Dblood on January 5, 2006, 10:05 am
Originally intended to put this in comp.dcom.sys.cisco, so I did.
Please forgive the cross-post.


Posted by Spack on January 5, 2006, 10:39 am
Dblood wrote on 5 Jan 2006 07:00:32 -0800:

> I recently installed a PIX 506 on our network. Previously had a 3620
> +FW IOS doing the firewalling.
>
> Network: Two companies share the same internet conn., but with two
> different domains - two DC's and multiple clients on each domain. Both
> servers are SBS and act as mail servers (Exchange) for their respective
> domains.
>
> I am currently sending and receiving email on both domains from all
> outside domains, and each sends inside emails fine (client to client
> within the domain). The problem I have is that I routinely need to
> forward mail from one of our domains to the other. Since the addition
> of the PIX I can't do this.
>
> So to beat this dead horse: Company A and Company B use the same
> firewall. Company A and Company B can both send and receive email from
> every domain except Company B (for A) and Company A (for B), and it
> all started with the addition of the PIX.
>
> Any ideas?
>
> Thanks,
>
> Danny


Are both DCs on the same interface on the 506, or separate? I'm a 515 admin
myself, I'm not familiar with the 506 variances, but I'll take a stab at
this. It sounds like the firewall is blocking connections from one interface
to the other. Look at the ACLs and see if you've missed something.

Also check into the "alias" command, in case the issue is to do with IP
address resolution - for instance, mail server at A sends to B, which
resolves to mail.b.com and is an IP on the outside interface of the PIX (as
you're listing the public IP for the mail server in your DNS for lookups).
The PIX sees the IP on the outside interface, and drops the packets as this
would mean routing back into the PIX - it's a security feature to prevent
spoofing. Using the "alias" command you can get the PIX to send the packets
to the correct interface and internal IP without having to mess with your DNS
server. Alternatively, you could set up DNS records to point to the
appropriate internal IPs for each mail host if the DNS servers are being
used internally only.

Dan
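
To check whether the situation described in the reply above applies, the following added example (not part of the original thread) parses PIX 6.x-style `static` lines and flags lookups whose answer is a public address that the same firewall translates back to an inside host. The addresses, hostnames and the two-server layout are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: host static translations, documentation addresses only.
PIX_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.20 192.168.2.10 netmask 255.255.255.255 0 0
"""

# Constructed sample: (inside sender, name looked up, answer from public DNS).
# Company A's server is 192.168.1.10, Company B's is 192.168.2.10 (assumed).
LOOKUPS = [
    ("192.168.1.10", "mail.b.example", "203.0.113.20"),
    ("192.168.2.10", "mail.a.example", "203.0.113.10"),
    ("192.168.1.10", "mail.other.example", "198.51.100.25"),
]

# Host statics only; port-redirect statics (tcp/udp ...) do not match and are skipped.
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>\w+),(?P<mapped_if>\w+)\)\s+"
    r"(?P<mapped>\d+\.\d+\.\d+\.\d+)\s+(?P<real>\d+\.\d+\.\d+\.\d+)"
)

def parse_statics(config):
    """Return {mapped (public) IP: (real interface, real IP)}."""
    table = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            table[ipaddress.ip_address(m["mapped"])] = (m["real_if"], m["real"])
    return table

def find_hairpins(config, lookups):
    """Flag lookups that resolve to an address the firewall maps back inside."""
    statics = parse_statics(config)
    findings = []
    for source, name, answer in lookups:
        hit = statics.get(ipaddress.ip_address(answer))
        if hit is None:
            continue  # genuinely external destination, normal outbound path
        real_if, real_ip = hit
        findings.append({"source": source, "name": name, "public": answer,
                         "internal": real_ip, "interface": real_if})
    return findings

if __name__ == "__main__":
    for f in find_hairpins(PIX_CONFIG, LOOKUPS):
        print(f"{f['source']} -> {f['name']} = {f['public']} maps back to "
              f"{f['internal']} ({f['interface']}); internal A record: {f['internal']}")
```

Each finding names the internal address that an internal-only DNS record (or an alias entry) would need to hand out for that mail host.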


