Solved

URGENT Firewall Blocking Email

Posted on 2006-10-26
Last Modified: 2013-11-16
I have an ASA 5510 that may be blocking inbound email.

Will someone please post the proper configuration to allow information to pass through the firewall and forward to an IP address? This needs to work for email (SMTP, POP3) and Internet traffic for Web Exchange.

I already have names set up so you can use "SERVER" for the mail server's IP address.  The access list names are Inside_2_out and Outside_2_in.

Please post everything that needs to roll into the router so that I know I am not missing anything.

Ideally I would like a config I can paste and roll with.

Thanks,

B

Question by:AkuHST
7 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813360
static (inside,outside) SERVER <InsideIP> netmask 255.255.255.255

access-list Outside_2_in permit tcp any host SERVER eq smtp
access-list Outside_2_in permit tcp any host SERVER eq pop3
! Add only the web port(s) you have (HTTP and/or HTTPS):
access-list Outside_2_in permit tcp any host SERVER eq www
access-list Outside_2_in permit tcp any host SERVER eq https

! Bind the ACL to the outside interface (access-group, not access-list):
access-group Outside_2_in in interface outside

Cheers,
Rajesh
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17813387

Assuming SERVER is the internal IP address

static (inside,outside) interface SERVER netmask 255.255.255.255

access-list Outside_2_in permit tcp any interface outside eq 25
access-list Outside_2_in permit tcp any interface outside eq 110
! Port 80 assuming HTTP, or 443 for SSL:
access-list Outside_2_in permit tcp any interface outside eq 80

0
 

Author Comment

by:AkuHST
ID: 17813406
Server is the inside address.   Sorry
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813443
So you don't have a separate IP address (public IP) and are using the interface-assigned IP on the PIX? If so, do this:

static (inside,outside) tcp interface 25 SERVER 25 netmask 255.255.255.255
static (inside,outside) tcp interface 110 SERVER 110 netmask 255.255.255.255
! If HTTP:
static (inside,outside) tcp interface 80 SERVER 80 netmask 255.255.255.255
! If HTTPS:
static (inside,outside) tcp interface 443 SERVER 443 netmask 255.255.255.255

access-list Outside_2_in permit tcp any interface outside eq smtp
access-list Outside_2_in permit tcp any interface outside eq pop3
! Add only the web port(s) you have (HTTP and/or HTTPS):
access-list Outside_2_in permit tcp any interface outside eq www
access-list Outside_2_in permit tcp any interface outside eq https

! Bind the ACL to the outside interface (access-group, not access-list):
access-group Outside_2_in in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:AkuHST
ID: 17813483
OK sorry again....let me post all the variables I am working with.  I was going to fill in the blanks on my own but this will be easier for you guys.

ALSO thanks for the quick response.

Public Address: 72.x.x.x
Outside Interface name: ASA-O
Inside Interface name: ASA-I
Server Address on ASA-I: SERVER

I think that should cover it, but if more would be helpful let me know.
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 17813532
Why don't you make it simple, man... So I'm going to assume that this 72.x.x.x IP address is not assigned to your outside interface of the firewall, OK?

Then do this:

static (inside,outside) 72.x.x.x SERVER netmask 255.255.255.255

access-list Outside_2_in permit tcp any host 72.x.x.x eq smtp
access-list Outside_2_in permit tcp any host 72.x.x.x eq pop3
! Add only the web port(s) you have (HTTP and/or HTTPS):
access-list Outside_2_in permit tcp any host 72.x.x.x eq www
access-list Outside_2_in permit tcp any host 72.x.x.x eq https

! Bind the ACL to the outside interface (access-group, not access-list):
access-group Outside_2_in in interface outside

Cheers,
Rajesh
0
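A pre-paste sanity check for configs of this shape, added here as an example and not code from any poster in this thread: it flags an inbound ACL that is never bound with access-group and permits that have no matching static translation. The function name `audit`, the sample config and the 203.0.113.x documentation addresses are constructed; only the `permit tcp any host|interface ... eq ...` forms used in this thread are parsed.

```python
import re

# Constructed sample config (not from the thread). 203.0.113.10 is a
# documentation address standing in for the public IP; the last line has
# the binding typed as access-list instead of access-group.
MISTYPED = """\
static (inside,outside) 203.0.113.10 SERVER netmask 255.255.255.255
access-list Outside_2_in permit tcp any host 203.0.113.10 eq smtp
access-list Outside_2_in permit tcp any host 203.0.113.10 eq pop3
access-list Outside_2_in permit tcp any host 203.0.113.20 eq https
access-list Outside_2_in in interface outside
"""
CORRECTED = MISTYPED.replace("access-list Outside_2_in in ",
                             "access-group Outside_2_in in ")

PERMIT = re.compile(r"^access-list (\S+) (?:extended )?permit tcp any "
                    r"(?:host (\S+)|interface (\S+)) eq (\S+)$")
BIND = re.compile(r"^access-group (\S+) in interface (\S+)$")
STATIC = re.compile(r"^static \((\S+),(\S+)\) (?:(?:tcp|udp) )?(\S+) ")
SLIP = re.compile(r"^access-list (\S+) in interface (\S+)$")

def audit(config):
    """Return a list of findings for one pasted config fragment."""
    permits, bound, mapped, findings = [], set(), set(), []
    for line in (l.strip() for l in config.splitlines()):
        if m := PERMIT.match(line):
            acl, host, ifc, port = m.groups()
            permits.append((acl, host or "interface", port))
        elif m := BIND.match(line):
            bound.add(m.group(1))
        elif m := STATIC.match(line):
            mapped.add(m.group(3))   # translated (outside-facing) address
        elif m := SLIP.match(line):
            findings.append(f"{m.group(1)}: 'access-list ... in interface' "
                            "is not a binding; use access-group")
    for acl in sorted({p[0] for p in permits} - bound):
        findings.append(f"{acl}: has permit entries but is not applied "
                        "to any interface")
    for acl, dest, port in permits:
        if dest not in mapped:
            findings.append(f"{acl}: permits {dest}:{port} but no static "
                            "translation exists for it")
    return findings

if __name__ == "__main__":
    for name, cfg in (("mistyped", MISTYPED), ("corrected", CORRECTED)):
        print(name, audit(cfg) or "no findings")
```

The check is name-agnostic, so it works unchanged when the interfaces are called something other than inside and outside.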
 

Author Comment

by:AkuHST
ID: 17814073
Thanks for all the help
0
