Help in opening port 102

Hi, I'm a newbie with routers and firewalls. My boss doesn't want to hire competent person to minimize cost. I do however have little knowledge about firewall and router. Our firewall is CISCO PIX 515E and router is Cisco 2610.

MY problem is that, we have a exchange server 5.5 and its connected to our main office abroad. The guys there are requesting me to open port 102 for the X400 connection. I am asking them how and they replied that I should know. I told them that I'm a newbie and they just laughed.

Any help will be appreciated. Plus any advice that you can give me regarding books to read to easily and quickly learn about the routers and firewalls. Thank you in advance. God Bless.

Hi Jayvee,

PIX is not that much hard to learn. I can help you for opening port. Just give me the diagram of your network or give answers to the below mentioned questions. So that I can give you the commands and you can apply it on your firewall.

• Where is your Exchange server?
• Is it in your Inside network or It is in the DMZ.
• How they are going to access the Exchange server over internet
Is it a native traffic or site to site VPN?
• Have you done one to one NAT (Static) for your exchange server with the Public IP?

hi ramasamy, thank you for providing me with hope.

with regards to your questions, like i said i'm new with routers and firewalls but i will try to answer them.

• Where is your Exchange server? our exchange server is located in our office (philippines) it is connected to our head office via x400.

• Is it in your Inside network or It is in the DMZ. our exchange is in our inside network.

• How they are going to access the Exchange server over internet
Is it a native traffic or site to site VPN? the guys will access the exchange server over the internet in native traffic but i know it is connected via X400 connection because i checked port 102 and it states its a MSExchangeMTA X.400 / ISO-TSAP Class 0.

• Have you done one to one NAT (Static) for your exchange server with the Public IP? I am not familiar with NAT yet so I suppose I haven't done this.

Thanks Ramasamy and God bless! I hope I am not being a burden on your part. Thanks.

Hi Jayvee.

I am so sorry I forget about you. I hope you have done it if not Just give the command

What I have Understood is that the exchange server is at your head office and you want to access it from your Branch office if so give the command

Note you have to replace xxx.xxx.xxx.xxx as your network IP address and yyy.yyy.yyy.yyy as your subnets mask and zzz.zzz.zzz.zzz as your Exchange server IP address

access-list inside_access_in permit tcp xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy host zzz.zzz.zzz.zzz eq 102
access-group inside_access_in in interface inside

But for Exchange server access through Web access and Microsoft Outlook you have to open ports 25, 135, 443, 993, 4417, 4418, 4419

If you are accessing through through Web access and Microsoft Outlook

give the command as

enable
your password
conf ter
object-group service Exchange tcp
port-object eq 25
port-object eq 35
port-object eq 443
port-object eq 993
port-object range 4417 4419
exit
access-list inside_access_in permit tcp xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy host zzz.zzz.zzz.zzz object-group Exchange
access-group inside_access_in in interface inside

I am not good in MSExchangeMTA X.400 / ISO-TSAP

Once again sorry for the delay.
Cisco Press book self study guide is very very good for All cisco subjects.

If you want any PDF books just give your email id to kkd_mrk@yahoo.com