05-16-2007 10:12 PM - edited 03-11-2019 03:15 AM
Dear ALL
i have configured ASA 5510 v7.2.2 for PAT (for brwosing and accessing internet for local users),and also static PAT for Mail Server (MSexchange)to access their Mail server (static PAT for smtp,pop3,http,https) using only one real IP address for both PAT and static PAT, the internal users browsing & accessing internet normally but the problrem static PAT works only for SMTP,HTTP, and https and did not work for POP3 i made static PAT for POP3 and add ACL for POP3 in outside interface as i did for SMTP,HTTP, and HTTPS.
kindest Regards
05-17-2007 01:31 AM
There aren't any known issues with POP3 using interface IP as static pat. Could you please paste your configuration (statics and ACLs) and also explain in detail what exact problem are you facing with POP3?
Regards,
Vibhor.
05-17-2007 02:54 AM
name 192.168.30.30 ISA-Server description ISA Server
name 192.168.30.5 MailExchange description Mail Server
name X.X.X.X RealIPaddress
dns-guard
!
interface Ethernet0/0
nameif Outside
--------------------
the problem i can not connect to MAIL server using POP3 only.
security-level 0
pppoe client vpdn group DSL-OUT
ip address pppoe setroute
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.30.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
access-list Outside_access_in extended permit tcp any host RealIPaddress eq https
access-list Outside_access_in extended permit tcp any host RealIPaddress eq www
access-list Outside_access_in extended permit tcp any host RealIPaddress eq pop3
access-list Outside_access_in extended permit tcp any host RealIPaddress eq smtp
global (Outside) 1 interface
nat (inside) 1 192.168.30.0 255.255.255.0
nat (management) 0 0.0.0.0 0.0.0.0
static (inside,Outside) tcp interface https MailExchange https netmask 255.255
55.255
static (inside,Outside) tcp interface www MailExchange www netmask 255.255.255
55
static (inside,Outside) tcp interface smtp MailExchange smtp netmask 255.255.2
.255
static (inside,Outside) tcp interface pop3 MailExchange pop3 netmask 255.255.2
55.255
access-group Outside_access_in in interface Outside
05-17-2007 05:44 AM
Hello,
I'm not sure what "RealIPaddress" is, however, your ACLs should be like this-
access-list Outside_access_in extended permit tcp any interface outside eq https
access-list Outside_access_in extended permit tcp any interface outside eq www
access-list Outside_access_in extended permit tcp any interface outside eq pop3
access-list Outside_access_in extended permit tcp any interface outside eq smtp
access-group Outside_access_in in interface Outside
Still, if things dont work, please let me know if we have any syslogs when connection attempt is made from outside.
Regards,
Vibhor.
05-17-2007 05:58 AM
Dear vibhor
RealIPaddress is the IP address of outside interface IP address i am now offsite i can not get syslog.
kind regards
05-17-2007 06:09 AM
Instead of actually using the IP address in the ACL, I'd recommend to use the keyword "interface outside". Once this is done, configuration looks fine to me and once we have syslogs we can pin-point if the issue is on the client side or the server side.
From the internal network itself, are you able to connect to the POP3 server?
Regards,
Vibhor.
05-17-2007 06:12 AM
Dear Vibhor
i will try do it as soon as i can and tell you.
regarding POP3 its working internally and during troublshooting i connect internet connection directly with Mailserver and all ports(POP3,HTTP,HTTPS, and SMTP) are working normally.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide