Mail server not accessible through domain name from Inside network

Dec 2nd, 2007
I have the following problem:

I have installed an ASA firewall on my Internet perimeter which protects our users and mail server.

The mail server is now not accessible through the web browser (I have allowed all the necessary ports (25, 110, 80) and static PAT to the ports).

The mail server has the same public IP address as the Firewall outside interface.

I have also tried DNS doctoring to no avail.

What am I missing?

access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x object-group MAIL_SERVICES log

access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x eq www

access-list IF_OUTSIDE_IN extended permit icmp any any object-group ICMP_SERVICES


interface Ethernet0/0


security-level 0

ip address x.x.x.x = x.x.x.x

global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1

static (IF_INSIDE,IF_OUTSIDE) tcp interface pop3 y.y.y.y pop3 netmask

static (IF_INSIDE,IF_OUTSIDE) tcp interface smtp y.y.y.y smtp netmask

static (IF_INSIDE,IF_OUTSIDE) tcp interface www y.y.y.y www netmask dns

y.y.y.y = Mail server Private

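Added example, not part of the original thread: a small Python check that cross-references the static PAT entries against the outside ACL and lists any published port the ACL never permits. The addresses (203.0.113.10 outside, 10.0.0.25 mail server), the netmask values and the contents of MAIL_SERVICES are constructed assumptions, since the post does not show them; the group is left without pop3 on purpose so the check has something to report.

```python
PORT_NAMES = {"smtp": 25, "pop3": 110, "www": 80}  # ASA keyword -> TCP port

# Constructed sample modelled on the posted rules (values are assumptions).
SAMPLE_CONFIG = """\
object-group service MAIL_SERVICES tcp
 port-object eq smtp
access-list IF_OUTSIDE_IN extended permit tcp any host 203.0.113.10 object-group MAIL_SERVICES log
access-list IF_OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq www
static (IF_INSIDE,IF_OUTSIDE) tcp interface pop3 10.0.0.25 pop3 netmask 255.255.255.255
static (IF_INSIDE,IF_OUTSIDE) tcp interface smtp 10.0.0.25 smtp netmask 255.255.255.255
static (IF_INSIDE,IF_OUTSIDE) tcp interface www 10.0.0.25 www netmask 255.255.255.255 dns
"""


def port(token):
    """Accept either an ASA port keyword or a number."""
    return PORT_NAMES.get(token) or int(token)


def unpermitted_pat_ports(config, acl, outside_ip):
    """Return outside ports published by static PAT that `acl` never permits."""
    groups, refs, permitted, published = {}, [], set(), set()
    current = None
    for line in config.splitlines():
        t = line.split()
        if len(t) < 3:
            continue
        if t[:2] == ["object-group", "service"]:
            current = groups.setdefault(t[2], set())
        elif t[:2] == ["port-object", "eq"] and current is not None:
            current.add(port(t[2]))
        elif (t[:2] == ["access-list", acl] and len(t) >= 10
              and t[3:8] == ["permit", "tcp", "any", "host", outside_ip]):
            if t[8] == "eq":
                permitted.add(port(t[9]))
            elif t[8] == "object-group":
                refs.append(t[9])
        elif t[0] == "static" and len(t) > 4 and t[2:4] == ["tcp", "interface"]:
            published.add(port(t[4]))
    for name in refs:  # resolve groups last, so definition order does not matter
        permitted |= groups.get(name, set())
    return sorted(published - permitted)


if __name__ == "__main__":
    print(unpermitted_pat_ports(SAMPLE_CONFIG, "IF_OUTSIDE_IN", "203.0.113.10"))
```

The parser only understands the three statement forms that appear in the post; it ignores port ranges, nested groups and deny entries.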
edwardwaithaka Sun, 12/02/2007 - 05:57

Forgot to mention, Mail server can't send or receive mail to the world.

Users can browse the Internet using:


global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1

husycisco Sun, 12/02/2007 - 07:39

I would start from the beginning, if the MX record really points to x.x.x.x by ping . You permitted ICMP so you should get replies.

A sanitized config of ASA would be really helpful.

