Solved

How to Allow POP and IMAP through Cisco 5505 from specific public outside IP addresses

Posted on 2009-05-15
Last Modified: 2012-05-07
Hi all -

Please advise commands to allow POP and IMAP connections in to the Exchange server from two public IP addresses only.

Many thanks
Question by:ZenRoots
5 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24397478
Instead of this which is probably what you currently have (or something similar):

access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq imap

Do this instead:

access-list outside_access_in extended permit tcp host x.x.x.x interface outside eq pop3
access-list outside_access_in extended permit tcp host y.y.y.y interface outside eq imap

Remove the existing rules allowing "any".
0
 

Author Comment

by:ZenRoots
ID: 24398164

Thanks JFrederick29

This seems to be what I want... please confirm the following syntax breakdown:

access-list outside_access_in extended permit tcp host x.x.x.x interface outside eq pop3
 
The access-list name = outside_access_in
Type = extended
Rule = permit
tcp protocol = pop3
IP address of external host = x.x.x.x
interface name = outside
eq = protocol (default port)

In "plain" English, this allows external host x.x.x.x access via the ASA's outside interface using the pop3 port (110).


This access-list is used in conjunction with:

static (inside,outside) tcp interface pop3 xx.xx.xx.xx pop3 netmask 255.255.255.255

Is this interpretation correct?

Many thanks,
ZenRoots
 
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 1000 total points
ID: 24398184
Yes, correct, exactly right.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24398193
Just remember to remove the old rules allowing "any" once the new rules are in place.
0
 

Author Closing Comment

by:ZenRoots
ID: 31582003
Thanks JFrederick29. Very concise and clear answers.
0
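
To confirm the cleanup step from the thread (no "any" rule left for POP3 or IMAP once the host rules are in place), a saved configuration can be checked offline. This is an added example, not part of the original thread or of any Cisco tool; the function name `audit_mail_acl`, the addresses and the sample configuration are constructed, and it only parses the single-line `eq` form shown in the answers above.

```python
import re

# Port spellings that may appear after "eq" for the two mail services.
MAIL_PORTS = {"pop3": "pop3", "110": "pop3",
              "imap": "imap", "imap4": "imap", "143": "imap"}

# Single-line form used in the thread:
#   access-list NAME extended permit tcp <any | host A.B.C.D> interface IFACE eq PORT
ACE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+(?P<action>permit|deny)\s+tcp\s+"
    r"(?P<src>any|host\s+\S+)\s+interface\s+(?P<iface>\S+)\s+eq\s+(?P<port>\S+)\s*$"
)

def audit_mail_acl(config, acl="outside_access_in", allowed=()):
    """Return (findings, sources) for POP3/IMAP permit entries in one ACL.

    findings: entries open to "any" or to a host not in `allowed`.
    sources:  permitted sources per service, in configuration order.
    """
    findings, sources = [], {"pop3": [], "imap": []}
    for raw in config.splitlines():
        line = raw.strip()
        m = ACE.match(line)
        if not m or m["acl"] != acl or m["action"] != "permit":
            continue
        service = MAIL_PORTS.get(m["port"].lower())
        if service is None:
            continue  # some other service, e.g. smtp
        src = m["src"].split()[-1]  # "any" or the host address
        sources[service].append(src)
        if src == "any":
            findings.append(f"{service}: still open to any source: {line}")
        elif allowed and src not in allowed:
            findings.append(f"{service}: unexpected source {src}: {line}")
    return findings, sources

# Constructed sample: host rules added, one old "any" rule not yet removed.
SAMPLE = """\
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp host 203.0.113.10 interface outside eq pop3
access-list outside_access_in extended permit tcp host 198.51.100.20 interface outside eq imap
access-list outside_access_in extended permit tcp any interface outside eq imap
"""

if __name__ == "__main__":
    problems, _ = audit_mail_acl(SAMPLE, allowed=("203.0.113.10", "198.51.100.20"))
    print("\n".join(problems) or "POP3/IMAP restricted to the expected hosts")
```

An empty findings list means every POP3/IMAP permit in the named ACL is tied to one of the expected hosts; entries written with object-groups or port ranges are outside what this parser reads.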
