Solved

How to Allow POP and IMAP through Cisco 5505 from specific public outside IP addresses

Posted on 2009-05-15
5
543 Views
Last Modified: 2012-05-07
Hi all -

Please advise commands to allow pop and imap connections in to Exchange server from two public ip address only.

Many thanks
0
Comment
Question by:ZenRoots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24397478
Instead of this which is probably what you currently have (or something similar):

access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq imap

Do this instead:

access-list outside_access_in extended permit tcp host x.x.x.x interface outside eq pop3
access-list outside_access_in extended permit tcp host y.y.y.y interface outside eq imap

Remove the existing rules allowing "any".
0
 

Author Comment

by:ZenRoots
ID: 24398164

Thanks JFrederick29

This seems to be what I want... please confirm the following syntax breakdown:

access-list outside_access_in extended permit tcp host x.x.x.x interface outside eq pop3
 
The access-list name = outside_access_in
Type = extended
Rule = permit
tcp protocol = pop3
IP address of external host = x.x.x.x
interface name = outside
eq = protocol (default port)

In "plain" english this allows external host x.x.x.x access via the ASA's outside interface using the pop3 port (110)


this access-list is used in conjunction with:
 
static (inside,outside) tcp interface pop3 xx.xx.xx.xx pop3 netmask 255.255.255.255

Is this interpertation correct?

Many thanks,
ZenRoots
 
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 250 total points
ID: 24398184
Yes, correct, exactly right.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24398193
Just remember to remove the old rules allowing "any" once the new rules are in place.
0
 

Author Closing Comment

by:ZenRoots
ID: 31582003
Thanks JFrederick29   Very concise and clear anwsers.  
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question