SMTP and POP3

batumibatumi
Level 1

Friends, I have an ASA 5520 and opened the SMTP and POP3 ports. I want to be sure that I did everything OK. The Outside interface IP is 1.2.3.4, and 10.0.0.10 is the mail server (Microsoft Exchange).

I created ACL:

1) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3

2) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

and static nat:

1)static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 pop3 netmask 255.255.255.255

2) static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 smtp netmask 255.255.255.255

Need advice...)))

Regards

5 Replies

srue
Level 7

no static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 pop3 netmask 255.255.255.255

no static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 smtp netmask 255.255.255.255

static (Inside,Outside) tcp interface pop3 10.0.0.10 pop3 netmask 255.255.255.255

static (Inside,Outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255

1). static (Inside,Outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255

2). static (Inside,Outside) tcp interface pop3 10.0.0.10 pop3 netmask 255.255.255.255

and my ACL is correct. I mean this static NAT with this ACL is OK ...

1) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3

2) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

I created the ACL and static NAT on the outside interface... Am I right ... ?!

In this case with this configuration smtp and pop3 will work properly ... ?!

srue, great thanks, it's very kind of you to help me ... :))) thanks once more...

Regards

no access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3

no access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

access-list Outside_access_in extended permit tcp any interface outside eq pop3

access-list Outside_access_in extended permit tcp any interface outside eq smtp

Aren't they accomplishing the same thing?

CiscoPix# sh ip

System IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0 outside 192.168.0.25 255.255.255.128 CONFIG

Ethernet1 inside 172.20.20.254 255.255.255.0 CONFIG

Current IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0 outside 192.168.0.25 255.255.255.128 CONFIG

Ethernet1 inside 172.20.20.254 255.255.255.0 CONFIG

CiscoPix# sh run static | i 172.20

static (inside,outside) tcp interface 222 172.20.20.1 ssh netmask 255.255.255.255

CiscoPix# sh run | i access-list External

access-list External extended permit icmp any any log

access-list External extended permit tcp any host 192.168.0.25 eq 222 log

CiscoPix#

[root@Linux-lab root]# ssh -p 222 -l admin 192.168.0.25

admin@192.168.0.25's password:

Last login: Mon Jul 7 01:57:44 2008 from 10.250.97.9

[Expert@P1-NG]#

CiscoPix# sh access-list External

access-list External; 2 elements

access-list External line 1 extended permit icmp any any log informational interval 300 (hitcnt=0) 0xa53e0e51

access-list External line 2 extended permit tcp any host 192.168.0.25 eq 222 log informational interval 300 (hitcnt=2) 0x8b240e30

CiscoPix#

It means that I have to change

access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

access-list Outside_access_in extended permit tcp any interface outside eq smtp

But now with my config permit tcp any host 1.2.3.4 I can telnet, open 1.2.3.4 25 from the Internet, and I think it works properly because I can access it.

srue, I believe you and do exactly what you said :))))

Regards
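The check discussed in this thread, as an added example that is not part of any poster's reply: a small Python lint that cross-checks pre-8.3 `static` PAT lines against `access-list` permits and reports ports that are permitted but not published, published but not permitted, or published twice. The names `lint`, `AS_POSTED` and `CORRECTED` are hypothetical, and both sample configurations are constructed from the lines quoted above.

```python
import re

# Pre-8.3 static PAT: static (real_if,mapped_if) tcp {ip|interface} mapped_port real_ip real_port
STATIC_RE = re.compile(r"static \(\w+,\w+\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.I)
# access-list NAME extended permit tcp any {host IP | interface NAME} eq PORT
ACL_RE = re.compile(r"access-list \S+ extended permit (tcp|udp) any "
                    r"(?:host (\S+)|interface \S+) eq (\S+)", re.I)
PORT_NAMES = {"25": "smtp", "110": "pop3"}  # only the two services in this thread

def port(p):
    return PORT_NAMES.get(p, p.lower())

def lint(config, outside_ip):
    """Return findings where static PAT entries and ACL permits disagree."""
    published, permitted, findings = {}, [], []
    for raw in config.splitlines():
        line = re.sub(r"^\d+\)\.?\s*", "", raw.strip())  # drop "1) " style numbering
        m = STATIC_RE.match(line)
        if m:
            proto, mip, mport, rip, rport = m.groups()
            mip = outside_ip if mip.lower() == "interface" else mip
            key = (proto.lower(), mip, port(mport))
            if key in published:
                findings.append(f"duplicate static for {mip}:{key[2]}: "
                                f"{published[key]} and {rip}:{port(rport)}")
            published[key] = f"{rip}:{port(rport)}"
            continue
        m = ACL_RE.match(line)
        if m:
            proto, host, dport = m.groups()
            permitted.append((proto.lower(), host or outside_ip, port(dport)))
    for key in permitted:
        if key not in published:
            findings.append(f"ACL permits {key[1]}:{key[2]} but no static publishes it")
    for key in published:
        if key not in permitted:
            findings.append(f"static publishes {key[1]}:{key[2]} but no ACL permits it")
    return findings

# Constructed inputs: the configuration as first posted, and as corrected in the replies.
AS_POSTED = """access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3
access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp
static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 pop3 netmask 255.255.255.255
static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 smtp netmask 255.255.255.255"""
CORRECTED = """static (Inside,Outside) tcp interface pop3 10.0.0.10 pop3 netmask 255.255.255.255
static (Inside,Outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255
access-list Outside_access_in extended permit tcp any interface outside eq pop3
access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp"""
```

Calling `lint(AS_POSTED, "1.2.3.4")` reports the second `static` line reusing the outside `pop3` port and the SMTP permit with nothing published behind it; `lint(CORRECTED, "1.2.3.4")` returns no findings.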
