August 30, 2008 05:33am pdt
 

Do I need to associate another vlan to the existing port?

Tags: Cisco, ASA, 5505
I have a Cisco asa 5505 security appliance running on my network.
I have 3 Servers for convenience ...
serv1 DC, DHCP, DNS
serv2 Exchange
serv3 IIS
I have 3 vlans ...
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.188 255.255.255.192  <---- There are 2 active IP addresses in this subnet
!
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.168.1.1 255.255.255.0


My Issue.
I have clients getting rejections from sbcglobal on dns failures.
mail.domain.com rDNS xx.xx.xx.188
Now the difficulties. Mail is set up to go through xx.xx.xx.189
access-list inbound extended permit tcp any host xx.xx.xx.188 eq www     <--- Serv3
access-list inbound extended permit tcp any host xx.xx.xx.188 eq ftp         <--- Serv3
access-list inbound extended permit tcp any host xx.xx.xx.188 eq https     <--- Serv3
access-list inbound extended permit tcp any host xx.xx.xx.189 eq smtp     <--- Serv2
access-list inbound extended permit tcp any host xx.xx.xx.189 eq pop3     <--- Serv2
access-list inbound extended permit tcp any host xx.xx.xx.189 eq imap4    <--- Serv2
access-list inbound extended permit tcp any host xx.xx.xx.189 eq https     <--- Serv2 (owa)

static (dmz,outside) tcp interface www 192.168.1.3 www netmask 255.255.255.255
static (dmz,outside) tcp interface ftp 192.168.1.3 ftp netmask 255.255.255.255
static (dmz,outside) tcp interface https 192.168.1.3 https netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.189 https 192.168.2.38 https netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.189 pop3 192.168.2.38 pop3 netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.189 smtp 192.168.2.38 smtp netmask 255.255.255.255
static (inside,outside) tcp xx.xx.xx.189 imap4 192.168.2.38 imap4 netmask 255.255.255.255


Ok.
ALL traffic flows through, with the exception of Serv2. Even though mail flows in and out, I have rDNS failures from sbcglobal.net; my IP resolves to xx.xx.xx.188 when everything is set for 189.
I have verified outside DNS mx points to A, and A points to 189. However, it is still resolving to 188.
Should be resolving to .189
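
A forward-confirmed reverse DNS check of the kind receiving mail servers commonly apply to the connecting address, as an added example that is not part of the original question. 203.0.113.x stands in for the masked xx.xx.xx.x addresses, the DNS tables are constructed from the records the post describes, and the absence of a PTR record for .189 is an assumption.

```python
import socket

def _norm(name):
    # DNS names compare case-insensitively; PTR answers often end in a dot.
    return name.rstrip(".").lower()

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [host, *aliases]

def system_a(name):
    """Addresses for name from the system resolver (empty list if none)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def fcrdns(ip, ptr=system_ptr, fwd=system_a):
    """Return (ok, reason) for the address a mail connection arrives from."""
    names = [_norm(n) for n in ptr(ip)]
    if not names:
        return False, f"{ip} has no PTR record"
    for name in names:
        if ip in fwd(name):
            return True, f"{ip} -> {name} -> {ip}"
    seen = {n: fwd(n) for n in names}
    return False, f"{ip} -> PTR {seen}, none resolves back to {ip}"

# Constructed records mirroring the post: the PTR exists on .188,
# while the A record for the mail name points at .189.
PTR = {"203.0.113.188": ["mail.domain.com."]}
A = {"mail.domain.com": ["203.0.113.189"]}

def check_all(ptr_table, a_table, ips=("203.0.113.188", "203.0.113.189")):
    """Run the check for each candidate egress address using static tables."""
    ptr = lambda ip: ptr_table.get(ip, [])
    fwd = lambda name: a_table.get(_norm(name), [])
    return {ip: fcrdns(ip, ptr, fwd) for ip in ips}

if __name__ == "__main__":
    for ip, (ok, why) in check_all(PTR, A).items():
        print("PASS" if ok else "FAIL", why)
```

Calling `fcrdns(ip)` with no tables uses the system resolver, so the same function can be pointed at the real outside addresses.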
Question Stats
Zone: Security
Question Asked By: ultreya
Solution Provided By: karwak
Participating Experts: 1
Solution Grade: A
Views: 0