Community Member

SMTP and POP3

Friends, I have an ASA 5520 and have opened the SMTP and POP3 ports. I want to be sure that I did everything OK. The Outside interface IP is 1.2.3.4 and 10.0.0.10 is the mail server, Microsoft Exchange.

I created ACL:

1) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3

2) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

and static nat:

1) static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 pop3 netmask 255.255.255.255

2) static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 smtp netmask 255.255.255.255

Need advice...)))

Regards

5 REPLIES
Gold

Re: SMTP and POP3

no static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 pop3 netmask 255.255.255.255

no static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 smtp netmask 255.255.255.255

static (Inside,Outside) tcp interface pop3 10.0.0.10 pop3 netmask 255.255.255.255

static (Inside,Outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255

Community Member

Re: SMTP and POP3

1). static (Inside,Outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255

2). static (Inside,Outside) tcp interface pop3 10.0.0.10 pop3 netmask 255.255.255.255

and my ACL is correct. I mean this static NAT with this ACL is OK ...

1) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3

2) access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

I created the ACL and static NAT on the outside interface... Am I right ... ?!

In this case, with this configuration, SMTP and POP3 will work properly ... ?!

srue, great thanks, it's very kind of you to help me ... :))) Thanks once more...

Regards

Gold

Re: SMTP and POP3

no access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3

no access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

access-list Outside_access_in extended permit tcp any interface outside eq pop3

access-list Outside_access_in extended permit tcp any interface outside eq smtp

Silver

Re: SMTP and POP3

Aren't they accomplishing the same thing?

CiscoPix# sh ip

System IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0 outside 192.168.0.25 255.255.255.128 CONFIG

Ethernet1 inside 172.20.20.254 255.255.255.0 CONFIG

Current IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0 outside 192.168.0.25 255.255.255.128 CONFIG

Ethernet1 inside 172.20.20.254 255.255.255.0 CONFIG

CiscoPix# sh run static | i 172.20

static (inside,outside) tcp interface 222 172.20.20.1 ssh netmask 255.255.255.255

CiscoPix# sh run | i access-list External

access-list External extended permit icmp any any log

access-list External extended permit tcp any host 192.168.0.25 eq 222 log

CiscoPix#

[root@Linux-lab root]# ssh -p 222 -l admin 192.168.0.25

admin@192.168.0.25's password:

Last login: Mon Jul 7 01:57:44 2008 from 10.250.97.9

[Expert@P1-NG]#

CiscoPix# sh access-list External

access-list External; 2 elements

access-list External line 1 extended permit icmp any any log informational interval 300 (hitcnt=0) 0xa53e0e51

access-list External line 2 extended permit tcp any host 192.168.0.25 eq 222 log informational interval 300 (hitcnt=2) 0x8b240e30

CiscoPix#

Community Member

Re: SMTP and POP3

It means that I have to change

access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp

access-list Outside_access_in extended permit tcp any interface outside eq smtp

But now with my config permit tcp any host 1.2.3.4 I can telnet, open 1.2.3.4 25 from the Internet, and I think it works properly because I can access it.

srue, I believe you and will do exactly what you said :))))

Regards
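
An added example, not part of any post in this thread: a small Python check that pairs each pre-8.3 `static` port-forward with the inbound `access-list` permits, so a public port that is mapped twice or permitted without a forward shows up before the config is applied. The `audit` helper, the finding names and the port-name table are assumptions made for this example, and it assumes a single outside interface so that `interface` and `interface outside` resolve to the outside IP.

```python
import re

# Constructed sample: the ACL and static PAT lines from the thread's first post.
POSTED = """\
access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq pop3
access-list Outside_access_in extended permit tcp any host 1.2.3.4 eq smtp
static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 pop3 netmask 255.255.255.255
static (Inside,Outside) tcp 1.2.3.4 pop3 10.0.0.10 smtp netmask 255.255.255.255
"""
# Constructed sample: the replacement lines suggested in the replies.
SUGGESTED = """\
access-list Outside_access_in extended permit tcp any interface outside eq pop3
access-list Outside_access_in extended permit tcp any interface outside eq smtp
static (Inside,Outside) tcp interface pop3 10.0.0.10 pop3 netmask 255.255.255.255
static (Inside,Outside) tcp interface smtp 10.0.0.10 smtp netmask 255.255.255.255
"""
PORTS = {"smtp": "25", "pop3": "110", "ssh": "22"}  # port names used on this page
STATIC_RE = re.compile(r"^static \(\S+\) tcp (\S+) (\S+) (\S+) (\S+) netmask", re.I)
ACL_RE = re.compile(
    r"^access-list \S+ extended permit tcp any (?:host (\S+)|interface \S+) eq (\S+)", re.I)

def port(p):
    """Normalise a port name to its number so 'smtp' and '25' compare equal."""
    return PORTS.get(p.lower(), p)

def audit(config, outside_ip):
    """Cross-check static PAT entries against inbound permits (hypothetical helper).

    Assumes one outside interface, so `interface` in a static and
    `interface outside` in an ACL both resolve to outside_ip.
    """
    mapped, permits, findings = {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            ip = outside_ip if m.group(1).lower() == "interface" else m.group(1)
            key = (ip, port(m.group(2)))
            if key in mapped:  # two statics claim the same public address and port
                findings.append(("duplicate-mapping",) + key)
            mapped.setdefault(key, (m.group(3), port(m.group(4))))
        elif m := ACL_RE.match(line):
            permits.add((m.group(1) or outside_ip, port(m.group(2))))
    for key in sorted(permits - set(mapped)):  # allowed in, but nothing forwards it
        findings.append(("permit-without-static",) + key)
    for key in sorted(set(mapped) - permits):  # forwarded, but the ACL drops it
        findings.append(("static-without-permit",) + key)
    return findings

if __name__ == "__main__":
    print(audit(POSTED, "1.2.3.4"))
    print(audit(SUGGESTED, "1.2.3.4"))
```

Run over the lines as posted in the question, it reports that both statics claim 1.2.3.4 pop3 and that the smtp permit has no static behind it; the lines suggested in the replies produce no findings.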
