need urgent response please

Unanswered Question
Apr 20th, 2007

I have a problem with my company network.

We have a class c network 192.168.1.0 the company wants the 192.168.1.64 -192.168.1.96 address space (executives) to have full internet connectivity while limiting other users access only to smtp and pop3.I configured the following lists and port address translation. The executives where able to access the internet but other users were not able to send mail with smtp or pop3.

access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq smtp

access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq pop3

access-list 101 permit ip 192.168.1.64 0.0.0.31 any

However if if i change the users ip address to one of the executives and access the internet and then change it back to the same address they areable to send mail trough smtp or pop3

Iwantthe executives to access the internet and at the same time ordinary users to omly send mail with smtp and pop3

I need help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

What DNS servers do the clients use? If they are not on the local subnet, then the mail client might depend on DNS to resolve the mail server hostnames to IP addresses, and that could be the problem.

A good way to test is to add:

access-list 101 deny ip host test.host.ip.address any log

Where test.host.ip.address is your test PC. Open the mail client, and wait for it to timeout/report the error. Then look at the log.

Actions

This Discussion