Solved

Allow email access from seperate VLAN

Posted on 2004-10-26
246 Views
Last Modified: 2010-04-10
Have a VLAN that is on set to 172.17.1.1

Our mail server is a different VLAN 172.16.0.0 network...

Need certain users on the 172.17.1.1 VLAN to be able to get email from the 172.16.0.0 network...I have a core switch 4507R, what sort of access-list needs to be put in?
0
Question by:MCHDMISDEPT
    6 Comments
     
    LVL 1

    Expert Comment

    by:heyiou
    This sounds like more of a subnetting problem than access list.

    Are you using a router between the networks?  
    you need someway to get from the 127.17.x.x. network to the 127.16.x.x network

    Just my first thoughts
    0
     
    LVL 79

    Accepted Solution

    by:
    Do you already have access-lists? Do you have the layer 3 routing configured in your switch?

    0
     

    Author Comment

    by:MCHDMISDEPT
    I do have layer 3 routing configured on the switch...I also have a LAN to LAN setup between this network and ours...I HAVE A CORRECTION: Their network is provided by their ISP.  I now have a LAN to LAN configured between their office and mine.  Their outside IP is 209.40.171.x  I want to be able to provide access to our email server for EXCHANGE and POP mail.  Please advise.

    permit ip host 172.17.1.10 any (4024 matches)
        20 permit tcp any host 172.16.1.1 eq telnet (7273 matches)
        30 permit tcp any host 172.16.1.2 eq telnet (37567 matches)
        40 permit tcp any host 172.16.1.3 eq telnet (3 matches)
        50 permit tcp any host 172.16.0.25 eq 143
        60 permit udp 172.17.1.0 0.0.0.255 host 172.16.0.22 eq domain (1077 matches)

        70 permit udp 172.17.1.0 0.0.0.255 host 172.16.0.23 eq domain (1365 matches)

        80 permit icmp any host 172.17.1.1 (855 matches)
        90 permit tcp host 172.17.1.2 eq www 172.16.0.0 0.0.255.255 (1433 matches)
        100 permit tcp host 172.17.1.3 eq www 172.16.0.0 0.0.255.255 (875 matches)
        110 permit tcp host 172.17.1.4 eq www 172.16.0.0 0.0.255.255 (10 matches)
        120 permit tcp host 172.17.1.5 eq www 172.16.0.0 0.0.255.255 (836 matches)
        130 permit tcp host 172.17.1.6 eq www 172.16.0.0 0.0.255.255 (632 matches)
        140 permit tcp host 172.17.1.7 eq www 172.16.0.0 0.0.255.255 (263 matches)
        150 deny ip any 172.16.0.0 0.15.255.255 (75050 matches)
        160 permit ip any any (352996 matches)
    MCH-4507R#
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    Where is this LAN-LAN setup ? Is it a VPN tunnel? Hard wired? Different VLAN?
    Where do you have this access-list applied? It appears to be an outbound access-list....
    Where is your exchange/pop server in realation to this?
    I'd have to see the complete config of your 4507R to be much more help.. I need the big picture here..
    0
     

    Author Comment

    by:MCHDMISDEPT
    LAN to LAN is from PIX 501 to Concentrator 3000...yes, it is a VPN tunnel.  No NOT a different VLAN.  The exchange server is on 172.16.0.x network.  In the concentrator I have defined network lists that associate with only certain ip's on the 172.16.0.x network...these are working fine...except for mail.  
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    Does your network list on the 3000 include the mail server lan? I assume yes since everything else works.
    Any other restrictions on the 3000 access-list?
    Is there an acl applied to the VLAN interface facing the 172.16.0.x subnet where the server lives? You posted an acl for the 172.17.0.x VLAN...
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Suggested Solutions

    The DSL Parameters part of this article is valid and can be considered with any brand of internet router and modem (Dlink, 3com, Alcatel, Usrobotics, Parks), by accessing the configuration interface available by the manufacturer eg: http://10.1.1.1 …
    What is IRC? IRC (Internet Relay Chat) is a form of communication between multiple users. It is available freely to anyone with inernet access. IRC is a great way to communicate with others e.g. There is an IRC channel for Ubuntu Linux, which is fo…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now