Email Filtering downs my Internet

[multisyncxp21]

I am testing a Barrcuda 300 spam filter. I run an Exchange 2000 server with a PIX 506 firewall and a Cisco router.
When I connect barracuda my interent goes off
.
On my firewall my MX record public IP is nated to a local IP of the exchange server.
I changed this local IP to Barracuda's IP(Local) as per the Barracuda documentation. Then Mail started going thru Barracuda and then to my exchange server.
But then the Internet stopped. No body could go on to the internet. Page cannot be displayed. BUT email was working
I could ping the gateway address from here.
I called Barracuda. They couldnt help
What am I doing wrong
thanks

 

[bell1996]

COuld you post your PIX config? Take out all real IPs and passwords.

 

[multisyncxp21]

Hi
This is the config
access-list acl_out permit tcp any host Public IP_MX eq smtp
access-list acl_out permit tcp any hostPublic IP_MX eq pop3
static (inside,outside) PUBLIC IP_MX LOCAL IP netmask 255.255.255.255 0 0"
I changed this static inside to point to the Barracuda Machine. Then Email flows into Barracuda. But internet stops.
When I put the PIX back where it was then everything is fine
thanks

 

[lgarner]

Are those the only ACL lines? There's no reason that changing the static statement from one internal address to another should matter.

 

[bell1996]

I agree with Igarner.

How is your NAT setup (or is it PAT)?

 

[multisyncxp21]

This is my PIX
access-list acl_out permit tcp any host public ip eq smtp
access-list acl_out permit tcp any hostpublic ip eq pop3
access-list acl_out permit udp any host public ip eq 5004
access-list acl_out permit udp any host public ip eq 5005
access-list acl_out permit tcp any host public ip eq 5566
access-list acl_out permit udp any host public ip eq 5567
access-list acl_out permit tcp any host public ip eq 5631
access-list acl_out permit udp any host public ip eq 5632
access-list acl_out permit udp any host public ip eq 5632
access-list acl_out permit tcp any host public ip eq 5631
access-list acl_out permit tcp any hostpublic ip eq www
access-list acl_out permit tcp any hostpublic ip eq 443
access-list acl_out permit gre any host public ip
access-list acl_out permit tcp any host public ip eq 1723
access-list acl_out permit tcp any host PUBLIC IP eq 3389
ip address outside Public IP 255.255.255.240
ip address inside LOCAL IP 255.255.255.0
arp timeout 14400
global (outside) 1 PUBLIC IP netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside)public ip LOCAL IP netmask 255.255.255.255 0 0
static (inside,outside) public ip LOCAL IP netmask 255.255.255.255 0 0
static (inside,outside) public ip LOCAL IP netmask 255.255.255.255 0 0
static (inside,outside) public ip LOCAL IP netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 PUBLIC IP

LOOKS like I have to Do something with my router.
Barracuda asked me to forward (port direction) incoming SMTP traffic on port 25 to the Barracuda firewall.
I did that then then no one can access the internet
thanks

 

[sicktrick]

no fixup smtp?

 

[multisyncxp21]

Everything works without the "Barracuda"
So it is not my pIX config.
May be I have to add a A record and a MX record in my DNS for Barracuda
thanks