From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sun Nov 19 2006 - 06:34:55 ART
Also, pay special attention whever you configure "service reset*" for
1) Inside users, that connect to outside mail-sever via SMTP through
outside interface PAT
2) Static outside interface PAT for inside server.
or for
3) Inside SMTP server mapped via static NAT command;
4) Users connecting to outside SMTP server via regular dynamic NAT.
With case 1 and 2 you configure "service resetoutside" and for 3,4 you use
"resetinbound" command.
Established/permitto works for both cases, but it's less secure.
2006/11/19, Lab Rat #109385382 <techlist01@gmail.com>:
>
> If I had a question that stated "users report that returning SMTP traffic
> sent from inside the PIX is slow or not even communicating
> correctly. After
> investigating, you realize that the SMTP traffic is returning on TCP port
> 113."
>
> What would be the appropriate "established" command syntax?
>
> I would say "established tcp 0 25 permitto tcp 113 permitfrom tcp 0"
>
> Is that what you would say?
>
> Thanks,
>
> Ed
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART