Solved

Access e-mail behind a Cisco Pix 501 appliance

Posted on 2007-12-06
Last Modified: 2013-12-04
The network consists of a server running Windows 2000 server that also hosts Merak 8.1 mail server.  One can VPN in and use remote desktop on any work station.  The e-mail sends fine, and all accounts can be accessed behind the Pix 501 [inside of network].  The mail server can be pinged from the outside and the static IP of the PIX501 outside responds.  When the mail is attempted to be retrieved from outside the server, the server is not found.  Should there be a statement to allow POP3 access to the server?  If so, how would it be added?
sh run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit tcp any host 24.109.136.247 eq pptp
access-list outside_access_in permit gre any host 24.109.136.247
access-list outside_access_in permit tcp any host 24.109.136.247 eq smtp
access-list 100 permit icmp any any
access-list outside_in permit gre any host 24.109.136.247
access-list outside_in permit tcp any host 24.109.136.247 eq pptp
pager lines 24
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 24.109.136.247 255.255.254.0
ip address inside 192.168.99.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.99.0 255.255.255.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface pptp 192.168.99.250 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.99.250 smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 24.109.136.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.99.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd address 192.168.99.2-192.168.99.129 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:06244c87aa015e97648956d0c4fbe096
: end
pixfirewall#

Question by:wilf_thorburn
4 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 20425347
Yes, if your external e-mail clients are using POP3 as their mail download protocol, then you will need to open up POP3 for the public translated address of your internal e-mail server.  Here's how:

static (inside,outside) tcp interface pop3 192.168.99.250 pop3 netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq pop3

When using port forwarding with a single public IP address attached to the outside interface, you really should use the syntax I gave above in your access list statements, i.e. "interface outside" instead of "host <outside_ip_address>", but as I always say, if it's not broken, don't fix it!

Give those commands a try and see if that helps...
0
 

Author Comment

by:wilf_thorburn
ID: 20425462
One more question - how do I edit the run file?  I can access the console, enter enable to get to the area that I can issue the sh run commands, etc.  I think I have to edit the run and then copy it to the start.  Could you provide the commands to complete the edit?  It has been a while since I was assisted with the original set up.

thanks
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 20425482
Sure, no problem.

Once you're in enable mode, issue the command:

conf t

to enter configuration mode.  Your prompt will change from:

pixfirewall#

to

pixfirewall(config)#

Once you're in configuration mode, you can enter the commands from my previous post.  To save the running configuration to the startup configuration (as you alluded to in your post), type in the following command:

wr mem

Good luck!
0
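
An offline check of the point made in the answers above: a port forward on this PIX only works when both the "static" translation and a permit in the ACL applied to the outside interface exist. This is an added example, not part of the original thread; the audit function is hypothetical, the config strings are trimmed from the question's "sh run" output, and port names are compared exactly as written.

```python
import re

# Constructed input: the ACL, static and access-group lines from the question's "sh run".
BEFORE = """\
access-list outside_access_in permit tcp any host 24.109.136.247 eq pptp
access-list outside_access_in permit gre any host 24.109.136.247
access-list outside_access_in permit tcp any host 24.109.136.247 eq smtp
access-list 100 permit icmp any any
access-list outside_in permit gre any host 24.109.136.247
access-list outside_in permit tcp any host 24.109.136.247 eq pptp
ip address outside 24.109.136.247 255.255.254.0
static (inside,outside) tcp interface pptp 192.168.99.250 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.99.250 smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""
# The two commands from the answer.
FIX = """\
static (inside,outside) tcp interface pop3 192.168.99.250 pop3 netmask 255.255.255.255
access-list outside_access_in permit tcp any interface outside eq pop3
"""

def audit(config):
    """Hypothetical helper: (reachable forwards, ACLs not applied to the outside interface)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    outside_ip = next(l.split()[3] for l in lines if l.startswith("ip address outside "))
    bound, acls, forwards, permits = set(), set(), {}, set()
    for l in lines:
        if m := re.match(r"access-group (\S+) in interface outside$", l):
            bound.add(m.group(1))
    for l in lines:
        if m := re.match(r"static \(inside,outside\) tcp interface (\S+) (\S+) (\S+)", l):
            forwards[m.group(1)] = f"{m.group(2)}:{m.group(3)}"  # outside port -> inside host:port
        elif m := re.match(r"access-list (\S+) permit (\S+) any (.+)$", l):
            acls.add(m.group(1))
            # Destination must be the outside address, in either syntax the answer mentions.
            dst = re.match(r"(?:host (\S+)|interface outside) eq (\S+)$", m.group(3))
            if (m.group(1) in bound and m.group(2) == "tcp" and dst
                    and dst.group(1) in (None, outside_ip)):
                permits.add(dst.group(2))
    # A forward works only when the static AND a permit in the bound ACL both exist.
    reachable = {p: dest for p, dest in forwards.items() if p in permits}
    return reachable, sorted(acls - bound)

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", BEFORE + FIX)):
        print(label, *audit(cfg))
```

On the question's config the check also reports ACLs 100 and outside_in as not applied to the outside interface, since only outside_access_in appears in an access-group line.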
 

Author Closing Comment

by:wilf_thorburn
ID: 31413333
Thanks for your prompt response.  It works perfectly.
0

Question has a verified solution.