Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

accessing mail server from Internet via pix

Hi,

i cannot access the mail server from internet. can anyone help.

following is the setup:

PIX outside interface connected to INTERNET.

PIX inside interface connected to LAN Router.

Router interface connected to switch.

Email server having ip 10.2.1.5 connected to switch.

at pix:

access-list 100 extended permit tcp any host 210.x.x.x eq smtp

access-list 100 extended permit tcp any host 210.x.x.x eq ftp

access-group 100 in interface outside.

static (inside,outside) 210.x.x.x 10.2.1.5 netmask 255.255.255.255

static (inside,outside) 210.X.x.x 10.2.1.6 netmask 255.255.255.255

Problem:

can't access the email server via 210.X.x.x from internet.

syslog message shows that

deny udp source outside-----by access group 100.

can anyone help.

Thanks in advance

3 REPLIES
Bronze

Re: accessing mail server from Internet via pix

Hi,

The syslog message is saying "deny udp source", however ACL 100 only has TCP statements. Try to find out exactly what the UDP traffic is and allow it if needed.

Regards

New Member

Re: accessing mail server from Internet via pix

Also i recived following message:

TCP access denied by ACL from :ip from internet/18989 to outside:pix interface(public) ip/80

Re: accessing mail server from Internet via pix

are you seeing any hits against the access-list 100 extended permit tcp any host 210.x.x.x eq smtp ace

116
Views
0
Helpful
3
Replies
CreatePlease to create content