[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details

Cisco ASA-5505 - IMAP4 forwarding to email server

Asked by eddy_gequiere in Cisco PIX Firewall

Hi, i'm trying to have my blackberry to get the emails from our mailserver(not public) thru our cisco 5505 and cannot find any issue..
here's a part of the config:
ASA Version 7.2(4)
!
hostname GeodisWilson02
domain-name geodiswilson.com
enable password F4M969RI8REUCzj4 encrypted
passwd F4M969RI8REUCzj4 encrypted
names
name 194.78.X.X Outsideip
name 10.229.X.X insideip
!
interface Vlan1
 nameif inside
 security-level 100
 ip address insideip 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address Outsideip 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name geodiswilson.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network Wijnegem
 network-object 10.229.X.0 255.255.255.0
object-group network Brucargo
 network-object 192.168.X.0 255.255.255.0
object-group network Deurne
 network-object 192.168.X.0 255.255.255.0
object-group network Amsterdam
 network-object 10.229.X.0 255.255.255.0
 network-object 10.15.X.0 255.255.255.0
object-group network WijnegemClients
 network-object 10.229.X.0 255.255.255.0
object-group network HQ
 network-object 10.229.9.0 255.255.255.0
 network-object 10.229.4.0 255.255.255.0
access-list nonat extended permit ip object-group Wijnegem object-group WijnegemClients
access-list nonat extended permit ip object-group Amsterdam object-group WijnegemClients
access-list nonat extended permit ip object-group Brucargo object-group WijnegemClients
access-list nonat extended permit ip object-group Deurne object-group WijnegemClients
access-list nonat extended permit ip object-group HQ object-group WijnegemClients
access-list splittunnel standard permit 10.229.X.X 255.255.255.0
access-list splittunnel standard permit 10.229.X.X 255.255.255.0
access-list splittunnel standard permit 10.229.X.X 255.255.255.0
access-list splittunnel standard permit 192.168.X.X 255.255.255.0
access-list splittunnel standard permit 192.168.X.X 255.255.255.0
access-list splittunnel standard permit 10.229.X.X 255.255.255.0
access-list splittunnel standard permit 10.15.X.X 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit tcp any eq imap4 host 10.229.A.A eq imap4
access-list outside_access_in extended permit tcp any eq smtp host 10.229.A.A eq smtp
access-list outside_access_in extended deny ip any any log
access-list lan_to_VPNClients extended permit ip any object-group WijnegemClients
access-list lan_to_outside extended permit ip any any
access-list lan_to_outside extended permit tcp any any
pager lines 24
logging enable
logging timestamp
logging console debugging
logging asdm informational
logging mail debugging
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.229.X.0 255.255.255.0
access-group lan_to_outside in interface inside
access-group outside_access_in in interface outside
route inside 192.168.X.X 255.255.255.0 10.229.X.1 1
route inside 192.168.X.X 255.255.255.0 10.229.X.1 1
route inside 10.229.X.X 255.255.255.0 10.229.X.1 1
route inside 10.229.X.X 255.255.255.0 10.229.X.1 1
route inside 10.229.X.X 255.255.255.0 10.229.X.1 1
route inside 10.15.X.X 255.255.255.0 10.229.X.1 1
route outside 0.0.0.0 0.0.0.0 Outsideip 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:45:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 10.229.X.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set VPNClientsTS esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address lan_to_VPNClients
crypto dynamic-map outside_dyn_map 20 set transform-set VPNClientsTS
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp disconnect-notify
crypto isakmp reload-wait
telnet 10.229.X.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 20
console timeout 60
management-access inside
[+][-]07/03/09 10:09 AM, ID: 24773506Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07/03/09 11:18 AM, ID: 24773774Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07/07/09 01:36 AM, ID: 24792377Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]07/09/09 09:47 AM, ID: 24815564Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091021-EE-VQP-81 - Hierarchy / EE_QW_3_20090701_SELECT_ZONES