Mark Lewis


Problems getting POP email accounts working on iPhone inside corporate wifi

This one is a bit strange. We went from simple wifi, going out a secondary DSL line, to a Meraki system connected to our internal domain going out our main internet connection. The biggest difference is crappy little router firewall vs our corporate firewall. Once we started using Meraki for wifi access, the ability to connect to AT&T, Charter, AOL, Yahoo, Gmail or any other email system besides our internal Exchange server fails. Here's where it gets strange: I can access Gmail through the Gmail app, but if I put the same account in the Mail app, it will not connect. Some accounts like Time Warner and Charter do not have a mail app, so it's not an option. My assumption is the corp firewall needs some ports opened, since I am assuming the apps use port 80 and would be able to get through. Other than that, I am at a loss as to whether this is maybe a Meraki issue or a general networking issue. Thanks for any help.
masnrock

You need to create a rule on the Meraki to allow loopback connections (in simpler terms, allow devices in the network to make connections to your public IP). Corporate firewalls are more prone to stop this by default than home routers are.
Most likely your corporate router is blocking the ports needed for each service. 993 and 587 should get IMAP and SMTP over SSL to work, which is what most of those use.
Mark Lewis

ASKER

So I opened ports 110, 143, 993 and 995 (secure and non secure POP and IMAP) but no dice. It's strange because Internet access works fine as well as the email apps, just not the Mail app. I forgot to mention, it works fine if I take it off the Meraki WiFi and go cellular. Has to be something blocking traffic.
The reason that did not fix it is because that isn't the problem. If the problem was purely ports, then nobody would have been able to connect to the mail server from the inside or outside.

Your problem is people connecting from inside the network to the mail server. Therefore you need to allow connections from the LAN to your public IP address. This is known as a loopback connection.

This is the logic:

Source: 192.168.0.1/24 (or whatever network applies to your wireless network)
Destination: Public IP address of the server
Source port: any
Destination port: any ports that need to be open, including those of mail server
masnrock, that isn't the problem. The problem is connecting to EXTERNAL mail servers from the LAN.

It's something in the firewall, or even the Meraki; those can block ports too. Blocking ports, NAT rules pushing those ports only to Exchange, etc. But without the firewall config we can only speculate on the exact issue.
I misread a section, my mistake.

What types of outbound rules are on the Meraki? It will come down to things like that, or Web filtering.
No worries, I do that all the time especially when answering multiple similar questions ;)

I agree. Your advice was spot on if the problem was what you thought it was.
Thanks guys, yeah, a simple internal DNS entry mapping my external hostname to the internal Exchange server caused that.

Meraki config is straightforward, nothing going on:

User generated image
Unfortunately, my firewall is managed by my provider.
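
Added example (not from any poster in this thread): with the firewall configuration out of view, a client on the Meraki WiFi can test which outbound mail ports actually pass by attempting a TCP connect to the external mail host and separating a silent drop from a reset. The host is supplied on the command line; port 465 and the function names are additions here, and the other ports are the ones named in the thread.

```python
import errno
import socket
import sys

# Ports named in the thread, plus 465 (implicit-TLS SMTP), which is added here.
MAIL_PORTS = {110: "POP3", 143: "IMAP", 993: "IMAP over TLS",
              995: "POP3 over TLS", 587: "SMTP submission", 465: "SMTP over TLS"}


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connect as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A TCP reset came back, from the server or from a device that
        # rejects rather than drops.
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"  # no reply at all: typical of a firewall dropping SYNs
    except OSError as exc:
        # ICMP unreachable is the other common sign of a filtering device.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise              # DNS failure etc. is a different problem; surface it


def survey(host, ports=MAIL_PORTS, timeout=3.0):
    """Probe every mail port on host; returns {port: state}."""
    return {port: probe(host, port, timeout) for port in sorted(ports)}


def blocked(results):
    """Ports to raise with whoever manages the firewall."""
    return [port for port, state in sorted(results.items()) if state == "filtered"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: mailports.py <external-mail-host>")
    results = survey(sys.argv[1])
    for port, state in results.items():
        print(f"{port:>4} {MAIL_PORTS[port]:<16} {state}")
    print("blocked outbound:", blocked(results) or "none")
```

Running the same survey once on the WiFi and once over cellular shows which results come from the network path rather than from the mail provider.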
ASKER CERTIFIED SOLUTION
Aaron Tomosky
This solution is only available to members.