Solved

URGENT Firewall Blocking Email

Posted on 2006-10-26
Last Modified: 2013-11-16
I have an ASA 5510 that may be blocking inbound email.

Will someone please post the proper configuration to allow information to pass through the firewall and forward to an IP address. This needs to work for Email SMTP POP3 and Internet traffic for Web Exchange.

I already have names set up so you can use "SERVER" for the mail server's IP address. The access list names are Inside_2_out and Outside_2_in.

Please post everything that needs to roll into the router so that I know I am not missing anything.

Ideally I would like a config I can paste and roll with.

Thanks,

B

Question by:AkuHST
LVL 32

Expert Comment

by:rsivanandan
ID: 17813360
static (inside,outside) SERVER <InsideIP> netmask 255.255.255.255

access-list Outside_2_in permit tcp any host SERVER eq smtp
access-list Outside_2_in permit tcp any host SERVER eq pop3
! http and/or https, depending on what you have
access-list Outside_2_in permit tcp any host SERVER eq http
access-list Outside_2_in permit tcp any host SERVER eq https

access-group Outside_2_in in interface outside

Cheers,
Rajesh
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17813387

Assuming Server is the internal IP address

static (inside,outside) interface SERVER

access-list Outside_2_in permit tcp any interface outside eq 25
access-list Outside_2_in permit tcp any interface outside eq 110
! assuming HTTP; use 443 for SSL
access-list Outside_2_in permit tcp any interface outside eq 80

0
 

Author Comment

by:AkuHST
ID: 17813406
Server is the inside address. Sorry
0
LVL 32

Expert Comment

by:rsivanandan
ID: 17813443
So you don't have a separate IP address (public IP) and are using the interface-assigned IP on the PIX? If so, do this:

static (inside,outside) tcp interface 25 SERVER 25 netmask 255.255.255.255
static (inside,outside) tcp interface 110 SERVER 110 netmask 255.255.255.255
! if HTTP
static (inside,outside) tcp interface 80 SERVER 80 netmask 255.255.255.255
! if HTTPS
static (inside,outside) tcp interface 443 SERVER 443 netmask 255.255.255.255

access-list Outside_2_in permit tcp any interface outside eq smtp
access-list Outside_2_in permit tcp any interface outside eq pop3
! http and/or https, depending on what you have
access-list Outside_2_in permit tcp any interface outside eq http
access-list Outside_2_in permit tcp any interface outside eq https

access-group Outside_2_in in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:AkuHST
ID: 17813483
OK sorry again....let me post all the variables I am working with.  I was going to fill in the blanks on my own but this will be easier for you guys.

ALSO thanks for the quick response.

Public Address: 72.x.x.x
Outside Interface name: ASA-O
Inside Interface name: ASA-I
Server Address on ASA-I: SERVER

I think that should cover it, but if more would be helpful let me know.
0
 
LVL 32

Accepted Solution

by:rsivanandan earned 500 total points
ID: 17813532
Why don't you make it simple, man... So I'm going to assume that this 72.x.x.x IP address is not assigned to your outside interface of the firewall, OKAY?

Then do this:

static (inside,outside) 72.x.x.x SERVER netmask 255.255.255.255

access-list Outside_2_in permit tcp any host 72.x.x.x eq smtp
access-list Outside_2_in permit tcp any host 72.x.x.x eq pop3
! http and/or https, depending on what you have
access-list Outside_2_in permit tcp any host 72.x.x.x eq http
access-list Outside_2_in permit tcp any host 72.x.x.x eq https

access-group Outside_2_in in interface outside

Cheers,
Rajesh
0
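An added check, not part of the original thread: a small Python audit confirming that the three pieces of the accepted answer line up, namely a static for the published address, the permits in Outside_2_in, and an access-group binding on the outside interface. The sample config is constructed from the names given in the thread (ASA-I, ASA-O, SERVER, 72.x.x.x); the function name `audit` is hypothetical, and only the one-to-one `static` and `permit tcp any host ... eq ...` forms are parsed.

```python
import re

# Constructed sample: the accepted answer's commands with the interface names
# given in the thread (ASA-I / ASA-O) and the final line as originally posted.
SAMPLE = """\
static (ASA-I,ASA-O) 72.x.x.x SERVER netmask 255.255.255.255
access-list Outside_2_in permit tcp any host 72.x.x.x eq smtp
access-list Outside_2_in permit tcp any host 72.x.x.x eq pop3
access-list Outside_2_in permit tcp any host 72.x.x.x eq https
access-list Outside_2_in in interface ASA-O
"""

STATIC = re.compile(r"static \((\S+),(\S+)\) (\S+) (\S+)")
PERMIT = re.compile(r"access-list (\S+) (?:extended )?permit tcp any host (\S+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")

def audit(config, acl="Outside_2_in", outside="ASA-O"):
    """Check that static, access-list and access-group lines agree (pre-8.3 syntax)."""
    mapped, permits, bound, findings = set(), [], False, []
    for line in (l.strip() for l in config.splitlines()):
        if m := STATIC.match(line):
            if m.group(2) == outside:          # translation is visible on the outside
                mapped.add(m.group(3))         # group 3 is the mapped (public) address
        elif m := PERMIT.match(line):
            if m.group(1) == acl:
                permits.append((m.group(2), m.group(3)))
        elif m := GROUP.match(line):
            bound = bound or (m.group(1), m.group(2)) == (acl, outside)
        elif line.startswith(f"access-list {acl} "):
            # An ACL line this audit cannot parse, e.g. a mistyped access-group
            findings.append(f"unparsed ACL line: {line}")
    for dest, port in permits:
        if dest not in mapped:
            findings.append(f"permit to {dest} eq {port} has no static on {outside}")
        if port in ("pop3", "110"):
            findings.append(f"{port} open to any: cleartext unless STLS is enforced")
    if not bound:
        findings.append(f"{acl} is not applied: no access-group ... in interface {outside}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

If the `static` is entered with interface names that differ from the device's own (for example `(inside,outside)` on a firewall whose interfaces are named ASA-I and ASA-O), every permit is reported as having no static.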
 

Author Comment

by:AkuHST
ID: 17814073
Thanks for all the help
0
