Setup Cisco Pix506 for IMAP4 and SMTP (Ports 143,25, and 993)

Posted on 2007-11-21
Last Modified: 2010-04-21

I have a Cisco Pix506 that I need to set up to open ports and allow access for IMAP4, SMTP, and SSL IMAP4.  I know the ports are 143, 25, and 993 respectively.  I am in the Cisco router, but am not sure what configuration lines to add to open these ports and allow access.

Here is what is in the config thus far, which leads me to believe I have SMTP (port 25) covered, I just need help adding the rest.

.....
fixup protocol dns maximum-length 640                                    
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol http 80                      
fixup protocol ils 389                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol sip 5060                      
fixup protocol sip udp 5060                          
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol tftp 69                      
names    
access-list 101 permit tcp any any eq smtp                                          
access-list 101 permit tcp any any eq 3389                                          
access-list 101 permit tcp any any eq www                                        
access-list 101 permit tcp any any eq pop3                                          
access-list 101 permit tcp any any eq https
.....  
Question by:Jaceallan
2 Comments

Accepted Solution

by: batry_boy earned 2000 total points
ID: 20337235
Here are the commands to allow those 3 ports inbound:

access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq 993
access-group 101 in interface outside

Now, having said that, there's one other aspect that we haven't covered here and that is that those commands above allow inbound traffic on those 3 ports to ANY destination, which I don't recommend.  I would identify the specific hosts on your network that you want to allow that traffic to, create static translations for them and then put in the commands above referencing those specific destination hosts.

For instance, say you have a single SMTP server that you want to allow those ports inbound to and its internal IP address is 192.168.1.20.  You also have a public IP address assigned to you by your ISP of 7.7.7.7 (just an example, of course).  You will need to translate 192.168.1.20 to a public IP (7.7.7.7) so that Internet traffic can be initiated to that host since that public IP is routable across the Internet and 192.168.1.20 is a private class address that is non-routable.

Assuming all of the above info, here is the list of commands you would put in to achieve that configuration:

static (inside,outside) 7.7.7.7 192.168.1.20 netmask 255.255.255.255
access-list 101 permit tcp any host 7.7.7.7 eq smtp
access-list 101 permit tcp any host 7.7.7.7 eq 143
access-list 101 permit tcp any host 7.7.7.7 eq 993
access-group 101 in interface outside

The first command above establishes the static translation between 192.168.1.20 and 7.7.7.7.
Commands 2-4 configure any Internet host to send traffic to host 7.7.7.7 (that will then be translated into 192.168.1.20 when it is allowed inbound to the inside interface) on those 3 ports.
The last command applies the access list "101" to the outside interface in an inbound direction.

Hope this helps...
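
The answer's advice (scope each permit to a translated host, then bind the list to the outside interface) can be checked against a saved config. The Python below is an added example, not part of the original thread; it assumes PIX 6.x-style lines as quoted above, and `parse_addr` and `audit` are hypothetical helper names.

```python
# Added example: audit PIX 6.x-style ACL lines for the issue raised in the answer.
# SAMPLE_CONFIG is assembled from lines quoted in this thread.
SAMPLE_CONFIG = """\
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq https
static (inside,outside) 7.7.7.7 192.168.1.20 netmask 255.255.255.255
access-list 101 permit tcp any host 7.7.7.7 eq 143
access-list 101 permit tcp any host 7.7.7.7 eq 993
access-group 101 in interface outside
"""

def parse_addr(tok, i):
    """Parse 'any', 'host A' or 'A MASK' at tok[i]; return (spec, next index)."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return tok[i] + "/" + tok[i + 1], i + 2

def audit(config):
    """Return (acl, port, reason) for each permit that is too broad or has no effect."""
    statics, bound, rules = set(), set(), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["static"] and len(tok) >= 4:
            statics.add(tok[2])              # global (public) address of the translation
        elif tok[:1] == ["access-group"] and len(tok) >= 2:
            bound.add(tok[1])                # ACL name applied to an interface
        elif tok[:1] == ["access-list"] and tok[2:3] == ["permit"]:
            try:
                _src, i = parse_addr(tok, 4)
                dst, i = parse_addr(tok, i)
            except IndexError:
                continue                     # truncated line, nothing to judge
            port = tok[i + 1] if tok[i:i + 1] == ["eq"] and len(tok) > i + 1 else "any"
            rules.append((tok[1], dst, port))
    findings = []
    for acl, dst, port in rules:
        if acl not in bound:
            findings.append((acl, port, "ACL is not applied with access-group"))
        elif dst == "any":
            findings.append((acl, port, "permitted to ANY destination"))
        elif "/" not in dst and dst not in statics:
            findings.append((acl, port, "no static translation for " + dst))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

On the sample, the five `any any` rules from the question's config are reported, while the two host-specific rules from the answer pass.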
Author Closing Comment

by:Jaceallan
ID: 31410900
thanks..