Firewalling & Microsoft Outlook

Unanswered Question
Jul 28th, 2008

Hi Security team,


It's very strange to say that Microsoft Outlook is not functioning because of the firewall. Hopefully it should not!! But what happens is: mails are not getting downloaded or sent via Outlook Express from the local LAN. With the same Outlook configuration, when the Datacard is being used, it works perfectly.


Attaching the error message and firewall configuration.

NB: The public IPs configured are not the real IPs.


Webmail is working from the local LAN & only Outlook is not!!!


Please help!!


regards

Rajesh P



Farrukh Haroon Mon, 07/28/2008 - 11:16

Where is the email server and clients? (Zone) What are the IPs?


Regards


Farrukh

Sec IT Tue, 07/29/2008 - 09:30

Hi,


The mail server is outside the firewall (not in this network); it's a public server. Clients are from Inside (192.168.4.0).


regards

Rajesh P

jiangu Mon, 07/28/2008 - 13:40

I would turn off SMTP inspection before trying anything else.

Sec IT Tue, 07/29/2008 - 09:28

It's already turned off:

no inspect esmtp

Sec IT Tue, 07/29/2008 - 21:56

Hi Team -- Can anyone help me out on this please...


regards

Rajesh P

angusr Tue, 07/29/2008 - 22:38

static (dmz,inside) 10.10.10.10 10.10.10.10 netmask 255.255.255.255


Sec IT Wed, 07/30/2008 - 00:45

The mail server is not in DMZ/Inside. It's a public mail server which is located outside the network.


We can skip thinking of DMZ in this scenario..

angusr Wed, 07/30/2008 - 05:30

So are you using MS Exchange ports or SMTP/POP3? If Exchange, could the ISP be blocking ports? What's the "Datacard" and why does this work when using it? Could you set up a VPN with the mail server/mail server's network?

Sec IT Thu, 07/31/2008 - 19:20

I have resolved the problem by myself...


I have connected the laptop directly to the modem, with the IP address set to that of the firewall's public IP. Then I was able to access mails through Outlook.


This means it needs a public IP.


So, I did a PAT for the entire local LAN segment. Now Outlook is working fine without any problem.


The new problem is that machines configured as DHCP are not able to receive mails, whereas those with static do not have any problem.


Earlier I had configured PAT only for the proxy servers, because clients should access the internet only through the proxy.


Anyways my problem is resolved.


Maybe this session will be helpful for others...



Thanks to All who participated in this session...



regards

Rajesh P


Farrukh Haroon Thu, 07/31/2008 - 19:39

Well, OWA would use the proxy server as it is accessed through the web browser; the Outlook client does not use the proxy server (at least by default). You could set up RPC over HTTPS if you want to use the proxy.


DHCP clients will also work, your current NAT statements only allow NAT/PAT for one IP:


access-list 128 extended permit ip host 192.168.4.250 any


Regards


Farrukh


Sec IT Fri, 08/01/2008 - 10:13

Now it is


access-list 128 extended permit ip 192.168.4.0 255.255.255.0 any


But still, DHCP-configured machines are not receiving the mails properly.


Once made static, it works....

Farrukh Haroon Fri, 08/01/2008 - 11:49

The DHCP client pool = what?


Regards


Farrukh
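
Added example, not part of the thread or of any participant's post: a small Python check of which inside addresses the two versions of access-list 128 quoted above select for NAT/PAT. The client addresses, including a DHCP lease outside 192.168.4.0/24, are constructed for illustration; the real DHCP pool is not given in the thread.

```python
import ipaddress
import re

# Handles only the two source forms quoted in the thread:
#   access-list 128 extended permit ip host 192.168.4.250 any
#   access-list 128 extended permit ip 192.168.4.0 255.255.255.0 any
ACL_RE = re.compile(
    r"^access-list\s+\S+\s+extended\s+permit\s+ip\s+"
    r"(?:host\s+(?P<host>\S+)|(?P<net>[\d.]+)\s+(?P<mask>[\d.]+))\s+any\s*$"
)

def parse_acl(lines):
    """Return the source networks permitted by the ACL, in configured order."""
    sources = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # forms this sketch does not handle are skipped
        if m.group("host"):
            sources.append(ipaddress.ip_network(m.group("host") + "/32"))
        else:
            # ipaddress accepts dotted netmask notation after the slash
            cidr = f"{m.group('net')}/{m.group('mask')}"
            sources.append(ipaddress.ip_network(cidr, strict=False))
    return sources

def is_translated(acl, client_ip):
    """A client is NAT/PAT-eligible only if some permit entry covers it."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in src for src in acl)

def uncovered(acl, clients):
    """Clients that would leave the firewall untranslated (no ACL match)."""
    return [ip for ip in clients if not is_translated(acl, ip)]

OLD_ACL = parse_acl(["access-list 128 extended permit ip host 192.168.4.250 any"])
NEW_ACL = parse_acl(["access-list 128 extended permit ip 192.168.4.0 255.255.255.0 any"])

# Constructed clients: the host named in the original ACL, one static host,
# one DHCP lease inside 192.168.4.0/24, and one lease from an assumed pool
# outside that subnet.
CLIENTS = ["192.168.4.250", "192.168.4.31", "192.168.4.120", "192.168.5.20"]

if __name__ == "__main__":
    print("old ACL misses:", uncovered(OLD_ACL, CLIENTS))
    print("new ACL misses:", uncovered(NEW_ACL, CLIENTS))
```

Run against the actual DHCP pool range, an address reported as uncovered by the new ACL would explain why only statically addressed machines work.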
