[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Allow email access from seperate VLAN

Posted on 2004-10-26
6
Medium Priority
?
250 Views
Last Modified: 2010-04-10
Have a VLAN that is on set to 172.17.1.1

Our mail server is a different VLAN 172.16.0.0 network...

Need certain users on the 172.17.1.1 VLAN to be able to get email from the 172.16.0.0 network...I have a core switch 4507R, what sort of access-list needs to be put in?
0
Comment
Question by:MCHDMISDEPT
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:heyiou
ID: 12414708
This sounds like more of a subnetting problem than access list.

Are you using a router between the networks?  
you need someway to get from the 127.17.x.x. network to the 127.16.x.x network

Just my first thoughts
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 12415546
Do you already have access-lists? Do you have the layer 3 routing configured in your switch?

0
 

Author Comment

by:MCHDMISDEPT
ID: 12425218
I do have layer 3 routing configured on the switch...I also have a LAN to LAN setup between this network and ours...I HAVE A CORRECTION: Their network is provided by their ISP.  I now have a LAN to LAN configured between their office and mine.  Their outside IP is 209.40.171.x  I want to be able to provide access to our email server for EXCHANGE and POP mail.  Please advise.

permit ip host 172.17.1.10 any (4024 matches)
    20 permit tcp any host 172.16.1.1 eq telnet (7273 matches)
    30 permit tcp any host 172.16.1.2 eq telnet (37567 matches)
    40 permit tcp any host 172.16.1.3 eq telnet (3 matches)
    50 permit tcp any host 172.16.0.25 eq 143
    60 permit udp 172.17.1.0 0.0.0.255 host 172.16.0.22 eq domain (1077 matches)

    70 permit udp 172.17.1.0 0.0.0.255 host 172.16.0.23 eq domain (1365 matches)

    80 permit icmp any host 172.17.1.1 (855 matches)
    90 permit tcp host 172.17.1.2 eq www 172.16.0.0 0.0.255.255 (1433 matches)
    100 permit tcp host 172.17.1.3 eq www 172.16.0.0 0.0.255.255 (875 matches)
    110 permit tcp host 172.17.1.4 eq www 172.16.0.0 0.0.255.255 (10 matches)
    120 permit tcp host 172.17.1.5 eq www 172.16.0.0 0.0.255.255 (836 matches)
    130 permit tcp host 172.17.1.6 eq www 172.16.0.0 0.0.255.255 (632 matches)
    140 permit tcp host 172.17.1.7 eq www 172.16.0.0 0.0.255.255 (263 matches)
    150 deny ip any 172.16.0.0 0.15.255.255 (75050 matches)
    160 permit ip any any (352996 matches)
MCH-4507R#
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 79

Expert Comment

by:lrmoore
ID: 12425276
Where is this LAN-LAN setup ? Is it a VPN tunnel? Hard wired? Different VLAN?
Where do you have this access-list applied? It appears to be an outbound access-list....
Where is your exchange/pop server in realation to this?
I'd have to see the complete config of your 4507R to be much more help.. I need the big picture here..
0
 

Author Comment

by:MCHDMISDEPT
ID: 12425312
LAN to LAN is from PIX 501 to Concentrator 3000...yes, it is a VPN tunnel.  No NOT a different VLAN.  The exchange server is on 172.16.0.x network.  In the concentrator I have defined network lists that associate with only certain ip's on the 172.16.0.x network...these are working fine...except for mail.  
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12428138
Does your network list on the 3000 include the mail server lan? I assume yes since everything else works.
Any other restrictions on the 3000 access-list?
Is there an acl applied to the VLAN interface facing the 172.16.0.x subnet where the server lives? You posted an acl for the 172.17.0.x VLAN...
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question