Solved

URGENT Firewall Blocking Email

Posted on 2006-10-26
7
226 Views
Last Modified: 2013-11-16
I have an ASA 5510 that may be blocking inbound email.

Will someone please post the proper configuration to allow information to pass through the firewall and forward to an ip address.  This needs to work for Email SMTP POP3 and Internet traffic for Web Exchange.

I already have names setup so you can use "SERVER" for the mail server's IP address.  The access list names are Inside_2_out and Outside_2_in.

Please post everything that needs to roll into the router so that I know I am not missing anything.

Ideally I would like a config I can paste and roll with.

Thanks,

B

0
Comment
Question by:AkuHST
  • 3
  • 3
7 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813360
static(inside,outside) SERVER <InsideIP> netmask 255.255.255.255


access-list Outside_2_in permit tcp any host SERVER eq smtp
access-list Outside_2_in permit tcp any host SERVER eq pop3
access-list Outside_2_in permit tcp any host SERVER eq http/https (depending on what you have)

access-list Outside_2_in in interface outside

Cheers,
Rajesh
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17813387

Asumming Server is the internal ip address

Static (inside,outside) interface , server

access-list outside_2_in permit tcp any interface eq 25
access-list outside_2_in permit tcp any interface eq 110
access-list outside_2_in permit tcp any interface eq 80 ( assuming http or 443 for ssl )

0
 

Author Comment

by:AkuHST
ID: 17813406
Server is the inside address.   Sorry
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813443
So you don't have a separate ip address (Public IP) and are using the interface assigned ip on the PIX ? If so; do this;

static(inside,outside) tcp interface 25 SERVER 25 netmask 255.255.255.255
static(inside,outside) tcp interface 110 SERVER 110 netmask 255.255.255.255
static(inside,outside) tcp interface 80 SERVER 80 netmask 255.255.255.255 => if HTTP
static(inside,outside) tcp interface 443 SERVER 443 netmask 255.255.255.255 => if HTTPS

access-list Outside_2_in permit tcp any interface eq smtp
access-list Outside_2_in permit tcp any interface eq pop3
access-list Outside_2_in permit tcp any interface eq http/https (depending on what you have)

access-list Outside_2_in in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:AkuHST
ID: 17813483
OK sorry again....let me post all the variables I am working with.  I was going to fill in the blanks on my own but this will be easier for you guys.

ALSO thanks for the quick response.

Public Address: 72.x.x.x
Outside Interface name: ASA-O
Inside Interface name: ASA-I
Server Address on ASA-I: SERVER

I think that should cover it, but if more would be helpful let me know.
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17813532
Why don't you make it simple man... So I'm going to assume that this 72.x.x.x ip address is not assigned your outside interface of the firewall, OKAY ?

Then do this;

static(inside,outside) 72.x.x.x SERVER netmask 255.255.255.255


access-list Outside_2_in permit tcp any host 72.x.x.x eq smtp
access-list Outside_2_in permit tcp any host 72.x.x.x eq pop3
access-list Outside_2_in permit tcp any host 72.x.x.x eq http/https (depending on what you have)

access-list Outside_2_in in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:AkuHST
ID: 17814073
Thanks for all the help
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now