10-24-2014 07:59 AM - edited 03-11-2019 09:59 PM
I am using ASA 5515-X version 9.1
I have created access-list to allow email servers ports from outside. The email server is having static NAT on firewall. But the access-list to ping and to allow tcp ports is not working properly. its working with any any only.
access-list outside_access_in line 2 extended permit icmp any host 203.1.1.1
access-list outside_access_in line 3 extended permit tcp any host 203.1.1.1 eq smtp
10-25-2014 12:30 AM
Hi,
I think you are missing some ports for the Email server communication.
You would be able to apply the capture on the ASA device and see the ports on which the communication works.
Then , just allow those ports.
Thanks and Regards,
Vibhor Amrodia
10-25-2014 12:48 AM
No, it was some other issue. I have sorted out, thanks anyways.
10-25-2014 12:27 PM
Please indicate what the solution was so others can benefit from the solution.
10-26-2014 11:15 PM
I applied same access-list with private ip addresses (non-mapped) and it worked.
10-25-2014 02:50 PM
Hi rizwansiddiqi,
Did you use the private (non-mapped) ip address of the email server in the access lists?
Regards,
Aref
10-26-2014 11:16 PM
yep, true.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: