Solved

Firewall Help, no email coming in, need help quick

Posted on 2004-08-25
Last Modified: 2013-11-29
Hi. Well, we have a Cisco PIX 515 here. I've been trying to set up an FTP server and finally made it happen today and had it working and everything. Right around that time our email stopped coming in. Our web server and mail server cannot be accessed from outside our network. I took out all the FTP stuff I added today and still nothing. Everything seems to be in place. Please, I need help ASAP. It's 6:00 PM and I'm still at work trying to figure this out. Thanks in advance. I'll be around to answer any other questions.
Question by:emilbus20
5 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11898008
You need to allow inbound access to TCP port 80 and 25 to your web server and mail server. You also need to allow traffic FROM UDP port 53 in and FROM TCP port 25 in.
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
ID: 11898043
I'm assuming you haven't blocked any outbound traffic. The inbound traffic from port 25 only needs to go to your mail server.
0
 
LVL 1

Accepted Solution

by:
slapshot45 earned 250 total points
ID: 11898658
Here's the command you would enter, assuming you're following mike's instructions (taken from the Cisco site, replace with your own numbers):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

ACL
1 Define a static address translation for the inside web server to an outside/global address.

    static (inside, outside) 175.1.1.254 10.200.1.254

2 Define which hosts can connect on which ports to our web/FTP server.

    access-list 101 permit tcp any host 175.1.1.254 eq www
    access-list 101 permit tcp host 199.199.199.24 host 175.1.1.254 eq ftp

In the commands above, the www and ftp can be replaced by port numbers such as 80 & 21

3 Apply the ACL to the outside interface.

    access-group 101 in interface outside


Am I correct to assume that the PIX and the e-mail server were in place and operational and the only change was FTP being added? If this is the case and you made minimal changes in your PIX config can you give us some more information on what was changed on the server(s)?

0
 
LVL 1

Author Comment

by:emilbus20
ID: 11902324
Well, it seems somehow I was missing this

access-group outside_acl in interface outside

Worked out fine after I put this in. Ooopppsss
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11903957
I guess that would do it!
0
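
The failure in this thread, permit rules that exist but are never bound to an interface with `access-group`, can be checked mechanically. The Python sketch below is an added example, not part of the original posts or Cisco's note; the sample config is constructed from the addresses and the ACL name quoted above, and the parser assumes only the simple PIX line forms shown in this thread.

```python
import re

# Constructed sample. Addresses are the placeholders from the Cisco tech note
# quoted in the thread; outside_acl is the ACL name the asker used.
BROKEN = """\
static (inside,outside) 175.1.1.254 10.200.1.254
access-list outside_acl permit tcp any host 175.1.1.254 eq www
access-list outside_acl permit tcp any host 175.1.1.254 eq smtp
"""
FIXED = BROKEN + "access-group outside_acl in interface outside\n"

# static (real_ifc,mapped_ifc) mapped_ip real_ip, with or without a space
STATIC_RE = re.compile(r"static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)")

def audit(config):
    """Return findings about ACLs, access-group bindings and static NAT."""
    acls, bound, statics = {}, {}, []
    for line in config.splitlines():
        tok = line.split()
        m = STATIC_RE.match(line.strip())
        if m:
            statics.append((m.group(2), m.group(3)))  # (mapped ifc, global IP)
        elif len(tok) > 2 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
            acls.setdefault(tok[1], []).append(tok[2:])
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]  # interface -> ACL name
    findings = []
    for name in acls:
        if name not in bound.values():
            findings.append(f"ACL {name} is defined but not applied to any interface")
    for ifc, name in bound.items():
        if name not in acls:
            findings.append(f"interface {ifc} references undefined ACL {name}")
    for ifc, ip in statics:
        rules = acls.get(bound.get(ifc), [])
        # Simplification: only an explicit mention of the global IP counts;
        # network/mask or "any" destinations are not evaluated.
        if not any(r[0] == "permit" and ip in r for r in rules):
            findings.append(f"static {ip} has no inbound permit on interface {ifc}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(cfg) or "no findings")
```

Running the same audit against a saved copy of the configuration before and after a change makes a dropped `access-group` line visible before inbound mail and web traffic stop.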
