This seems to me to be more of an issue with name resolution than trying
to config the PIX to handle it. Assuming that all the mail bound for
each other is going through the two smtp servers, all you have to do is
get the mail servers to bypass DNS resolution for each other and send to
the configured address. In Exchange I think you use Connectors (but I'm
in no way an Exchange expert). I know Sendmail and I'm sure Postfix and
Groupwise can do it as well.

Don
**************************************
Don Kendrick, CNE, GCIA, CISSP
Enterprise Security Architect
Commonwealth of Virginia
Virginia Information Technologies Agency
(804) 371-5715
110 S. 7th Street
Richmond, Virginia 23219
"Keep your arms and hands inside the car and enjoy your ride..."
"Using encryption on the Internet is the equivalent of arranging an
armored car to deliver credit card information from someone living in a
cardboard box to someone living on a park bench." - Gene Spafford


________________________________

From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of
Charles Norton
Sent: Tuesday, June 06, 2006 9:54 AM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] Question about a Cisco PIX 515 - Routing question (I
think)



Hello everyone, I apologize if this is a question that has been answered
previously (this is my first time joining the list, and posting to it as
well) - I looked through some of the archives and couldn't find anything
that addressed it (or maybe it's likely that I don't know how to properly
describe the issue).

I have a Cisco Pix 515 UR, with PIX 7.04 OS and ASDM 5.04 (the newest of
both). - I had my friend help me set up the box at his datacenter and for
the most part it's been working, except I realized recently once we moved
all the servers behind it (they're all Virtual Machines running on a
single box - which should be irrelevant I suppose) the machines were
then unable to communicate with each other using their public IP #'s.

Where this became obvious is that, I have 2 SMTP servers, one Exchange
server and another is part of Plesk Hosting panel - when users on one
system email users on another - they're using the @whatever.com domain
name, which can't be resolved because those servers can't communicate on
the public equivalents of what has been NAT'd to the private network
which resides on 10.0.1.x

A good way to describe is - if I go on a machine, it has IP of 10.0.1.23
(internal) which is NAT'd to an external IP of 38.118.71.83 (outside) -
coming from the general Internet, if I hit that IP #, I would get a ping
back, as well as a connection to the web server on there. - If I try to
do the same FROM that machine, or from any other machine on the PIX, it
can't find the route to connect.

Does this make sense?

Can anyone maybe offer any advice or guidance in the matter?

If anyone might be able to lend some assistance I would be most
grateful.

Thank you,

Charles

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
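
The approach suggested in the reply (have each mail server skip DNS for its peer and deliver straight to the inside address), sketched as an added example that is not part of either e-mail. It derives Postfix transport-map entries from a static NAT table; only the 10.0.1.23 / 38.118.71.83 pair, the 10.0.1.x network and the `whatever.com` placeholder come from the post, every other address and domain is constructed sample data.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("10.0.1.0/24")  # the post's 10.0.1.x inside network

# Static NAT table: public address -> inside address.
# The first pair is from the post; the second is constructed for illustration.
STATIC_NAT = {
    "38.118.71.83": "10.0.1.23",
    "203.0.113.84": "10.0.1.24",  # constructed
}

# Mail domain -> public address its MX host resolves to (constructed sample
# data; whatever.com is the placeholder domain used in the post).
MX_PUBLIC = {
    "whatever.com": "38.118.71.83",
    "example.org": "203.0.113.84",
    "example.net": "198.51.100.10",  # hosted elsewhere, not behind this firewall
}


def transport_overrides(mx_public, static_nat, inside_net=INSIDE_NET):
    """Return {domain: inside_ip} for domains whose MX sits behind our own NAT."""
    overrides = {}
    for domain, public_ip in sorted(mx_public.items()):
        inside_ip = static_nat.get(public_ip)
        if inside_ip is None:
            continue  # genuinely external: leave to normal DNS/MX delivery
        if ipaddress.ip_address(inside_ip) not in inside_net:
            # A mapping that points off the inside network is a table error;
            # refuse to emit an override that would misroute mail.
            raise ValueError(f"{domain}: {inside_ip} is not on {inside_net}")
        overrides[domain] = inside_ip
    return overrides


def postfix_transport_lines(overrides, port=25):
    """Render Postfix transport(5) entries; [addr] suppresses the MX lookup."""
    return [f"{d}\tsmtp:[{ip}]:{port}" for d, ip in overrides.items()]


if __name__ == "__main__":
    for line in postfix_transport_lines(transport_overrides(MX_PUBLIC, STATIC_NAT)):
        print(line)
```

On a Postfix host the generated lines go in the file named by `transport_maps` (for example `hash:/etc/postfix/transport`), followed by `postmap` on that file. Each server needs only the entry for its peer's domain, not its own.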
