Mail server not accessible through domain name from Inside network

Dec 2nd, 2007

Hi,


I have the following problem:

I have installed an ASA firewall on my Internet perimeter which protects our users and mail server.


The mail server is now not accessible through the web browser (mail.ourdomain.com). I have allowed all the necessary ports (25, 110, 80) and static PAT to the ports.


The mail server has the same public IP address as the Firewall outside interface.


I have also tried DNS doctoring to no avail.


What am I missing?



access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x object-group MAIL_SERVICES log

access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x eq www

access-list IF_OUTSIDE_IN extended permit icmp any any object-group ICMP_SERVICES


MAIL_SERVICES = 25, 110


interface Ethernet0/0

nameif IF_OUTSIDE

security-level 0

ip address x.x.x.x 255.255.255.248


mail.ourdomain.com = x.x.x.x


global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1 0.0.0.0 0.0.0.0

static (IF_INSIDE,IF_OUTSIDE) tcp interface pop3 y.y.y.y pop3 netmask 255.255.255.255

static (IF_INSIDE,IF_OUTSIDE) tcp interface smtp y.y.y.y smtp netmask 255.255.255.255

static (IF_INSIDE,IF_OUTSIDE) tcp interface www y.y.y.y www netmask 255.255.255.255 dns


y.y.y.y = Mail server Private


edwardwaithaka Sun, 12/02/2007 - 05:57

Forgot to mention, Mail server can't send or receive mail to the world.


Users can browse the Internet using:


nat-control

global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1 0.0.0.0 0.0.0.0

husycisco Sun, 12/02/2007 - 07:39


I would start from the beginning: check if the MX record really points to x.x.x.x with ping mail.yourdomain.com. You permitted ICMP, so you should get replies.

A sanitized config of the ASA would be really helpful.
