Solved

URGENT Firewall Blocking Email

Posted on 2006-10-26
Last Modified: 2013-11-16
I have an ASA 5510 that may be blocking inbound email.

Will someone please post the proper configuration to allow information to pass through the firewall and forward to an IP address? This needs to work for Email SMTP POP3 and Internet traffic for Web Exchange.

I already have names set up so you can use "SERVER" for the mail server's IP address. The access list names are Inside_2_out and Outside_2_in.

Please post everything that needs to roll into the router so that I know I am not missing anything.

Ideally I would like a config I can paste and roll with.

Thanks,

B

Question by:AkuHST
7 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813360
static (inside,outside) SERVER <InsideIP> netmask 255.255.255.255

access-list Outside_2_in permit tcp any host SERVER eq smtp
access-list Outside_2_in permit tcp any host SERVER eq pop3
access-list Outside_2_in permit tcp any host SERVER eq http => if HTTP
access-list Outside_2_in permit tcp any host SERVER eq https => if HTTPS

access-group Outside_2_in in interface outside

Cheers,
Rajesh
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17813387

Assuming Server is the internal IP address

static (inside,outside) interface SERVER

access-list outside_2_in permit tcp any interface outside eq 25
access-list outside_2_in permit tcp any interface outside eq 110
access-list outside_2_in permit tcp any interface outside eq 80 (assuming http, or 443 for ssl)

 

Author Comment

by:AkuHST
ID: 17813406
Server is the inside address.   Sorry
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813443
So you don't have a separate IP address (public IP) and are using the interface-assigned IP on the PIX? If so, do this:

static (inside,outside) tcp interface 25 SERVER 25 netmask 255.255.255.255
static (inside,outside) tcp interface 110 SERVER 110 netmask 255.255.255.255
static (inside,outside) tcp interface 80 SERVER 80 netmask 255.255.255.255 => if HTTP
static (inside,outside) tcp interface 443 SERVER 443 netmask 255.255.255.255 => if HTTPS

access-list Outside_2_in permit tcp any interface outside eq smtp
access-list Outside_2_in permit tcp any interface outside eq pop3
access-list Outside_2_in permit tcp any interface outside eq http => if HTTP
access-list Outside_2_in permit tcp any interface outside eq https => if HTTPS

access-group Outside_2_in in interface outside

Cheers,
Rajesh
 

Author Comment

by:AkuHST
ID: 17813483
OK sorry again....let me post all the variables I am working with.  I was going to fill in the blanks on my own but this will be easier for you guys.

ALSO thanks for the quick response.

Public Address: 72.x.x.x
Outside Interface name: ASA-O
Inside Interface name: ASA-I
Server Address on ASA-I: SERVER

I think that should cover it, but if more would be helpful let me know.
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17813532
Why don't you make it simple, man... So I'm going to assume that this 72.x.x.x IP address is not assigned to your outside interface of the firewall, OKAY?

Then do this:

static (inside,outside) 72.x.x.x SERVER netmask 255.255.255.255

access-list Outside_2_in permit tcp any host 72.x.x.x eq smtp
access-list Outside_2_in permit tcp any host 72.x.x.x eq pop3
access-list Outside_2_in permit tcp any host 72.x.x.x eq http => if HTTP
access-list Outside_2_in permit tcp any host 72.x.x.x eq https => if HTTPS

access-group Outside_2_in in interface outside

Cheers,
Rajesh
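Added example, not part of any post in this thread: an access list filters nothing until it is bound to an interface with `access-group`, so this Python check reads configuration text in the simple line forms used above and reports which `permit tcp any` entries are actually in force and which ACLs are defined but never bound. The sample config, the 192.0.2.10 address and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample in the style of this thread's configs (not from a real device).
# 192.0.2.10 is a documentation address standing in for the public IP.
SAMPLE = """\
static (inside,outside) 192.0.2.10 SERVER netmask 255.255.255.255
access-list Outside_2_in permit tcp any host 192.0.2.10 eq smtp
access-list Outside_2_in permit tcp any host 192.0.2.10 eq pop3
access-list Outside_2_in permit tcp any host 192.0.2.10 eq https
access-list Inside_2_out permit ip any any
access-group Outside_2_in in interface outside
"""

ACL_LINE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
TCP_PERMIT = re.compile(r"^(?:extended\s+)?permit\s+tcp\s+any\s+"
                        r"(host\s+\S+|interface\s+\S+)\s+eq\s+(\S+)")
BINDING = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)")


def audit(config):
    """Return (exposed, unbound).

    exposed: sorted (interface, destination, port) tuples for 'permit tcp any'
             entries in ACLs that are bound inbound with access-group.
    unbound: sorted names of ACLs that have entries but no access-group.
    """
    entries, inbound, bound = {}, [], set()
    for raw in config.splitlines():
        line = raw.strip()
        acl = ACL_LINE.match(line)
        if acl:
            entries.setdefault(acl.group(1), []).append(acl.group(2))
            continue
        bind = BINDING.match(line)
        if bind:
            bound.add(bind.group(1))
            if bind.group(2) == "in":
                inbound.append((bind.group(1), bind.group(3)))
    exposed = set()
    for name, iface in inbound:
        for rest in entries.get(name, []):
            permit = TCP_PERMIT.match(rest)
            if permit:
                dest = " ".join(permit.group(1).split())
                exposed.add((iface, dest, permit.group(2)))
    return sorted(exposed), sorted(set(entries) - bound)


if __name__ == "__main__":
    print(audit(SAMPLE))
```

An ACL name showing up in the second list means its permit lines are not being applied to any interface.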
 

Author Comment

by:AkuHST
ID: 17814073
Thanks for all the help