Introduction
This sample configuration demonstrates how to set up the PIX Firewall for access to a mail server located on the DMZ network.
Note: The SMTP inspection configured in this document is not compatible with ESMTP connections to servers such as Microsoft Exchange. Do not configure SMTP inspection if you use a mail server that relies on ESMTP. Alternatively, PIX Software version 7.0 and later supports SMTP and ESMTP inspection.
Prerequisites
Requirements
There are no specific prerequisites for this document.
Components Used
The information in this document is based on these software and hardware versions:
-
PIX Firewall 515
-
PIX Firewall software release 6.3(3)
-
Cisco 3640 Router
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool ( registered customers only) to obtain more information on the commands used in this section.
Network Diagram
This document uses this network setup.
Configurations
This document uses this configuration.
PIX Configuration |
---|
PIX Version 6.3(3) |
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Troubleshooting Commands
The Output Interpreter Tool ( registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
Note: Refer to Important Information on Debug Commands before you use debug commands.
-
debug icmp trace—Shows whether Internet Control Message Protocol (ICMP) requests from the hosts reach the PIX. In order to run this debug, you need to add the access-list command to permit ICMP in your configuration.
-
logging buffer debugging—Shows connections that are established and denied to hosts that go through the PIX. The information is stored in the PIX log buffer, and the output can be seen with the show log command.
Refer to Setting Up the PIX Syslog for more information on how to set up logging.