Security Basics mailing list archives

PIX config, pls advise


From: "Sh.Anwar" <anwar () gtfs-gulf com>
Date: Sun, 12 Jan 2003 12:13:43 +0400


Hi all security experts there, 

My great respect to you all. I need your technical tips. I have a scenario
where a PIX 515E firewall and routers are involved in the network, along with
public access servers.

The issues and requirements are: 

1. Some WEB servers are not accessible from the internet, though they are
properly configured through static maps and conduits in the PIX.
2. The mail server is not accessible, though it is properly configured and the
SMTP, POP3 and IMAP4 ports are allowed.
3. Configuration required to access a DNS server.


Network setup goes like this: 

I have three interfaces on the PIX 515E, version 6.2 OS. I have reserved my DMZ
zone to connect to another network. Traffic from outside to inside is
controlled, and all outbound traffic is allowed. My web servers are located on
the inside interface. Global pool and NAT are configured. Static maps and
conduits are configured.

My network is subnetted and has five sub networks configured as follows:

- 172.16.1.0 (n/w1)
- 172.16.2.0 (n/w2)
- 172.16.3.0 (n/w3)
- 172.16.4.0 (n/w4)
- 172.16.5.0 (n/w5)

There is a router with 4 serial interfaces in the inside network (n/w1) which is
connected to the above sub networks (n/w2 to n/w5) through leased lines with
static routing enabled. RIP is not enabled, to save CPU time on the routers.
All sub networks are able to talk to each other and are working fine, and we
are able to work with the network resources of each sub network.

The PIX is located in n/w1 and the mail server is located in n/w5 with an
internal IP configured (say the IP is 172.16.5.200):

- web server1 is located in n/w1 (IP is 172.16.1.100) and can be accessed
from outside
- web server2 is located in n/w1 (IP is 172.16.1.101) and can be accessed
from outside
- web server3 is located in n/w1 (IP is 172.16.1.102) and can be accessed
from outside
- web server4 is located in n/w1 (IP is 172.16.1.102); this one is not
accessible

The route outside command is also configured on the PIX. Pings are working from
the mail server to the PIX and from the PIX to the mail server. I can ping any
subnet from the PIX and vice versa.

My problem is that I am not able to access web server 4 and the mail server,
though the route inside command is also configured on the PIX to route the
traffic to the 172.167.5.0 network. I have also tested by opening all IP ports
on the mail server, but still I am not able to access it. I don't think it is a
hardware issue, but somewhere it is going wrong.

Could anyone suggest what needs to be done to access the above servers?
I also need to know how to configure a DNS server on the PIX. Can I enter all
my mail server records, like MX records, within the firewall? Or do I need to
run a separate DNS server on the inside interface and map it through a static
and access it through conduits? Which is the best solution? Please suggest.
thanks
Anwar

-----------------------------------------------------------------------------------------------
Any opinions, expressed or implied, presented are solely those of the author
and do not necessarily represent those of GTFS.
-----------------------------------------------------------------------------------------------
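As an added example (not from the original post), the PIX 6.2 configuration the scenario above calls for: a static translation and port-specific conduits for the mail server in n/w5, the inside routes the PIX needs so that its replies to 172.16.5.200 have a path, and the show commands used to verify that translations and connections are actually being built. The public addresses (203.0.113.x) and the inside router address 172.16.1.254 are assumptions; the inside hosts are the ones named in the post.

```cisco
: Added example for a PIX 515E running 6.2; not from the original post.
: Assumed: outside 203.0.113.2/24 with ISP gateway 203.0.113.1,
: PIX inside 172.16.1.1, inside router 172.16.1.254 (reaches n/w2 to n/w5).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
: Default route to the ISP, plus a route for every inside subnet that is
: not directly connected. Without the n/w5 route the PIX has no path back
: to 172.16.5.200, so inbound connections to its static never complete.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 172.16.2.0 255.255.255.0 172.16.1.254 1
route inside 172.16.3.0 255.255.255.0 172.16.1.254 1
route inside 172.16.4.0 255.255.255.0 172.16.1.254 1
route inside 172.16.5.0 255.255.255.0 172.16.1.254 1
: Outbound: all inside hosts translate through one global pool.
global (outside) 1 203.0.113.10-203.0.113.20 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
: Inbound: one-to-one statics for the published hosts. The mail server is
: in n/w5, so its static points at 172.16.5.200 and relies on the route above.
static (inside,outside) 203.0.113.30 172.16.5.200 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.31 172.16.1.100 netmask 255.255.255.255 0 0
: Conduits open only the published service ports. A "permit ip" conduit
: would expose every listening service on the host to the internet.
conduit permit tcp host 203.0.113.30 eq smtp any
conduit permit tcp host 203.0.113.30 eq pop3 any
conduit permit tcp host 203.0.113.30 eq imap4 any
conduit permit tcp host 203.0.113.31 eq www any
: Verification from the PIX console while an outside client connects:
:   show route   - the 172.16.5.0 entry must be present with the right next hop
:   show static  - the global/local pairs configured above
:   show xlate   - the static translation should be listed as Global/Local
:   show conn    - a TCP connection to 172.16.5.200:25 should appear; if the
:                  xlate exists but no conn forms, the return path is the fault
```

PIX 6.2 also supports access-list/access-group, which Cisco recommends over conduits, and the two should not be mixed on one interface. The PIX itself cannot hold zone data such as MX records; a DNS server is published like any other inside host, with a static and conduits for UDP and TCP port 53.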

