Mail server not accessible through domain name from Inside network

Unanswered Question
Dec 2nd, 2007

Hi,

I have the following problem:

I have installed an ASA firewall on my Internet perimeter which protects our users and mail server.

The mail server is now not accessible through the web browser (mail.ourdomain.com). I have allowed all the necessary ports (25, 110, 80) and static PAT to the ports.

The mail server has the same public IP address as the Firewall outside interface.

I have also tried DNS doctoring to no avail.

What am I missing?

access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x object-group MAIL_SERVICES log

access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x eq www

access-list IF_OUTSIDE_IN extended permit icmp any any object-group ICMP_SERVICES

MAIL_SERVICES = 25, 110

interface Ethernet0/0

nameif IF_OUTSIDE

security-level 0

ip address x.x.x.x 255.255.255.248

mail.ourdomain.com = x.x.x.x

global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1 0.0.0.0 0.0.0.0

static (IF_INSIDE,IF_OUTSIDE) tcp interface pop3 y.y.y.y pop3 netmask 255.255.255.255

static (IF_INSIDE,IF_OUTSIDE) tcp interface smtp y.y.y.y smtp netmask 255.255.255.255

static (IF_INSIDE,IF_OUTSIDE) tcp interface www y.y.y.y www netmask 255.255.255.255 dns

y.y.y.y = Mail server Private

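An added example, not part of the original thread: a small Python check that every TCP port published by a static PAT entry in a config like the one posted above also has an inbound permit, and the reverse. The object-group definition lines in the sample are constructed in ASA syntax, since the post only summarises the group as 25, 110, and the function name `audit` is hypothetical.

```python
# ASA service keywords used in the posted config, mapped to TCP ports.
PORTS = {"smtp": 25, "pop3": 110, "www": 80}

# Constructed sample mirroring the posted config (addresses stay masked).
SAMPLE = """\
object-group service MAIL_SERVICES tcp
 port-object eq smtp
 port-object eq pop3
access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x object-group MAIL_SERVICES log
access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x eq www
static (IF_INSIDE,IF_OUTSIDE) tcp interface pop3 y.y.y.y pop3 netmask 255.255.255.255
static (IF_INSIDE,IF_OUTSIDE) tcp interface smtp y.y.y.y smtp netmask 255.255.255.255
static (IF_INSIDE,IF_OUTSIDE) tcp interface www y.y.y.y www netmask 255.255.255.255 dns
"""

def port(tok):
    """Accept either a service keyword or a numeric port."""
    return PORTS[tok] if tok in PORTS else int(tok)

def audit(config):
    """Compare ports published by static PAT with ports permitted by TCP ACL lines.

    Only ports are compared; ACL names, destinations and access-group
    bindings are not checked.
    """
    groups, permitted, published, current = {}, set(), {}, None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:2] == ["object-group", "service"]:
            current = groups.setdefault(w[2], set())
        elif w[:2] == ["port-object", "eq"] and current is not None:
            current.add(port(w[2]))
        elif w[0] == "access-list" and "permit" in w and "tcp" in w:
            if "object-group" in w:
                permitted |= groups.get(w[w.index("object-group") + 1], set())
            elif "eq" in w:
                permitted.add(port(w[w.index("eq") + 1]))
        elif w[0] == "static" and w[2:4] == ["tcp", "interface"]:
            # outside port -> (inside host, inside port, dns keyword present)
            published[port(w[4])] = (w[5], port(w[6]), "dns" in w)
    return {
        "pat_without_acl": sorted(set(published) - permitted),
        "acl_without_pat": sorted(permitted - set(published)),
        "published": published,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Both lists come back empty for the sample, so a port mismatch between the ACL and the static PAT entries is ruled out for a config of this shape.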
edwardwaithaka Sun, 12/02/2007 - 05:57

Forgot to mention, Mail server can't send or receive mail to the world.

Users can browse the Internet using;

nat-control

global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1 0.0.0.0 0.0.0.0

husycisco Sun, 12/02/2007 - 07:39

I would start from the beginning, checking if the MX record really points to x.x.x.x by pinging mail.yourdomain.com. You permitted ICMP, so you should get replies.

A sanitized config of the ASA would be really helpful.
