03-05-2009 01:26 AM - edited 03-11-2019 08:00 AM
Hi,
I cannot access the mail server from the Internet. Can anyone help?
The following is the setup:
PIX outside interface connected to INTERNET.
PIX inside interface connected to LAN Router.
Router interface connected to switch.
Email server having ip 10.2.1.5 connected to switch.
At the PIX:
access-list 100 extended permit tcp any host 210.x.x.x eq smtp
access-list 100 extended permit tcp any host 210.x.x.x eq ftp
access-group 100 in interface outside
static (inside,outside) 210.x.x.x 10.2.1.5 netmask 255.255.255.255
static (inside,outside) 210.X.x.x 10.2.1.6 netmask 255.255.255.255
Problem:
Can't access the email server via 210.X.x.x from the Internet.
The syslog message shows that
deny udp source outside-----by access group 100.
Can anyone help?
Thanks in advance
03-05-2009 01:56 AM
Hi,
The syslog message is saying "deny udp source", however ACL 100 only has TCP statements. Try to find out exactly what the UDP traffic is and allow it if needed.
Regards
03-05-2009 03:08 AM
Also, I received the following message:
TCP access denied by ACL from :ip from internet/18989 to outside:pix interface(public) ip/80
03-05-2009 05:28 AM
Are you seeing any hits against the access-list 100 extended permit tcp any host 210.x.x.x eq smtp ACE?
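An added example, not part of the thread or any poster's own code: a small first-match evaluator for ACEs of the form used in access-list 100, run against flows modelled on the two logged denials and on an SMTP connection. The addresses are constructed RFC 5737 stand-ins for the redacted 210.x.x.x and PIX interface addresses, and the UDP destination and port are assumptions because the thread does not give them.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-ins (RFC 5737) for the addresses redacted in the thread.
MAIL_PUBLIC = "203.0.113.10"  # assumption: the 210.x.x.x address in ACL 100
PIX_OUTSIDE = "203.0.113.1"   # assumption: the PIX outside interface address
PORTS = {"smtp": 25, "ftp": 21, "www": 80}

ACL_100 = f"""\
access-list 100 extended permit tcp any host {MAIL_PUBLIC} eq smtp
access-list 100 extended permit tcp any host {MAIL_PUBLIC} eq ftp
"""

@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    dst: ipaddress.IPv4Address
    port: int

def parse_ace(line):
    """Parse only the ACE form used in the thread: '<proto> any host <ip> eq <port>'."""
    t = line.split()
    if len(t) != 10 or t[0] != "access-list" or t[2] != "extended" \
            or t[5:7] != ["any", "host"] or t[8] != "eq":
        raise ValueError(f"unsupported ACE: {line!r}")
    port = PORTS[t[9]] if t[9] in PORTS else int(t[9])
    return Ace(t[3], t[4], ipaddress.IPv4Address(t[7]), port)

def evaluate(aces, proto, dst, port):
    """First matching ACE wins; a packet matching none hits the implicit deny."""
    dst = ipaddress.IPv4Address(dst)
    for n, ace in enumerate(aces, 1):
        if (ace.proto, ace.dst, ace.port) == (proto, dst, port):
            return ace.action, f"line {n}"
    return "deny", "implicit deny"

ACES = [parse_ace(l) for l in ACL_100.splitlines() if l.strip()]

# Constructed flows modelled on the thread; the UDP port is not given there.
FLOWS = {
    "smtp to mail server": ("tcp", MAIL_PUBLIC, 25),
    "udp seen in syslog": ("udp", MAIL_PUBLIC, 53),
    "tcp/80 to PIX interface": ("tcp", PIX_OUTSIDE, 80),
}

def check_flows():
    return {name: evaluate(ACES, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, verdict in check_flows().items():
        print(f"{name:26} -> {verdict[0]} ({verdict[1]})")
```

Neither denial logged in the thread is SMTP traffic, so both fall through to the implicit deny regardless of whether the smtp ACE is working, which is why the replies ask what the UDP traffic is and whether the smtp ACE is taking hits.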