[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

URGENT Firewall Blocking Email

Posted on 2006-10-26
7
Medium Priority
?
234 Views
Last Modified: 2013-11-16
I have an ASA 5510 that may be blocking inbound email.

Will someone please post the proper configuration to allow information to pass through the firewall and forward to an ip address.  This needs to work for Email SMTP POP3 and Internet traffic for Web Exchange.

I already have names setup so you can use "SERVER" for the mail server's IP address.  The access list names are Inside_2_out and Outside_2_in.

Please post everything that needs to roll into the router so that I know I am not missing anything.

Ideally I would like a config I can paste and roll with.

Thanks,

B

0
Comment
Question by:AkuHST
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813360
static(inside,outside) SERVER <InsideIP> netmask 255.255.255.255


access-list Outside_2_in permit tcp any host SERVER eq smtp
access-list Outside_2_in permit tcp any host SERVER eq pop3
access-list Outside_2_in permit tcp any host SERVER eq http/https (depending on what you have)

access-list Outside_2_in in interface outside

Cheers,
Rajesh
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17813387

Asumming Server is the internal ip address

Static (inside,outside) interface , server

access-list outside_2_in permit tcp any interface eq 25
access-list outside_2_in permit tcp any interface eq 110
access-list outside_2_in permit tcp any interface eq 80 ( assuming http or 443 for ssl )

0
 

Author Comment

by:AkuHST
ID: 17813406
Server is the inside address.   Sorry
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813443
So you don't have a separate ip address (Public IP) and are using the interface assigned ip on the PIX ? If so; do this;

static(inside,outside) tcp interface 25 SERVER 25 netmask 255.255.255.255
static(inside,outside) tcp interface 110 SERVER 110 netmask 255.255.255.255
static(inside,outside) tcp interface 80 SERVER 80 netmask 255.255.255.255 => if HTTP
static(inside,outside) tcp interface 443 SERVER 443 netmask 255.255.255.255 => if HTTPS

access-list Outside_2_in permit tcp any interface eq smtp
access-list Outside_2_in permit tcp any interface eq pop3
access-list Outside_2_in permit tcp any interface eq http/https (depending on what you have)

access-list Outside_2_in in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:AkuHST
ID: 17813483
OK sorry again....let me post all the variables I am working with.  I was going to fill in the blanks on my own but this will be easier for you guys.

ALSO thanks for the quick response.

Public Address: 72.x.x.x
Outside Interface name: ASA-O
Inside Interface name: ASA-I
Server Address on ASA-I: SERVER

I think that should cover it, but if more would be helpful let me know.
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 17813532
Why don't you make it simple man... So I'm going to assume that this 72.x.x.x ip address is not assigned your outside interface of the firewall, OKAY ?

Then do this;

static(inside,outside) 72.x.x.x SERVER netmask 255.255.255.255


access-list Outside_2_in permit tcp any host 72.x.x.x eq smtp
access-list Outside_2_in permit tcp any host 72.x.x.x eq pop3
access-list Outside_2_in permit tcp any host 72.x.x.x eq http/https (depending on what you have)

access-list Outside_2_in in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:AkuHST
ID: 17814073
Thanks for all the help
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question