The most glaring problem that immediately shows up is your access list
assuming that all traffic destined for port 80 (for example) will also
be sourced from port 80. Quoting a couple of your lines below...

> access-list outside_access_in permit tcp any eq www interface outside eq www
> access-list outside_access_in permit tcp any eq https interface outside eq https
> access-list outside_access_in permit tcp any eq smtp interface outside eq smtp

These should be changed to...

access-list outside_access_in permit tcp any interface outside eq www
access-list outside_access_in permit tcp any interface outside eq https
access-list outside_access_in permit tcp any interface outside eq smtp

--
John

________________________________

From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of
William A. May
Sent: Saturday, November 25, 2006 7:51 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] Pix 501 NAT problems with Web and Exchange server

I read through the postings about inbound NAT problems with the PIX 501
posted in February 2005 and tried to configure my new PIX 501
accordingly but with little luck. What I am trying to do is replace my
Linksys WRT54G with a PIX 501. I have a Web server and an Exchange
Server 2003 on my internal network and I want to be able to have my web
page accessed from the outside and I also want to be able to continue to
receive my email. Currently I can view web pages and send email.
Listed below is my current configuration, with certain marked changes,
please let me know where I'm going wrong?

Thanks,

Alan

: Saved
: Written by enable_15 at 19:49:11.582 UTC Sat Nov 25 2006
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 172.16.10.0 LAN
name 172.16.10.11 Web-Exch-Server
access-list outside_access_in permit tcp any eq www interface outside eq www
access-list outside_access_in permit tcp any eq https interface outside eq https
access-list outside_access_in permit tcp any eq smtp interface outside eq smtp
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any traceroute
access-list outside_access_in permit icmp any any time-exceeded
access-list inside_access_in permit icmp any any
access-list inside_access_in permit ip LAN 255.255.255.0 any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 172.16.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location LAN 255.255.255.0 inside
pdm location Web-Exch-Server 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www Web-Exch-Server www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https Web-Exch-Server https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp Web-Exch-Server smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http LAN 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
terminal width 80
Cryptochecksum:8069dd3a26bd7570990dfe55c7c7064e
: end