Hey everyone, this one is really throwing me for a loop; I can't understand what the problem is. Here are the interfaces on the PIX:
So the org I work for is in an amalgamation and the new org will be going live on Jan 1. So we are making the new organization's network off of another interface on the PIX firewall. This way we can build all the servers in a new network without bumping heads with current servers.
So anyway, we have a mail server on the inside for our current org and a mail server on the interface neworg (eth2). Now the inside mail server can send to the neworg mail server because of lower security levels and I have NATting set up. You can send mail to the neworg from anywhere actually; I've tested Gmail and other outside sources.
The problem is sending email to the inside mail server from the neworg mail server. It just doesn't work. I have no static routes or access-lists for it to get through the firewall to the inside, but I don't think I should need any, as the DNS resolves the external IP of the mail server (1.1.1.5). So it should send the mail, which will go through the PIX out the external interface and then hit the router; the router should send it right back to the PIX, which should then let it through into the inside interface. When I send mail I don't get anything in the logs about it being denied.
Any help would be greatly appreciated.
Code:
interface Ethernet0
speed 100
duplex full
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2
!
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 10.10.10.10 255.255.255.0 standby 10.10.10.11
!
interface Ethernet2
speed 100
duplex full
nameif neworg
security-level 99
ip address 192.168.0.1 255.255.255.0 standby 192.168.0.2
!