Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
840
Views
0
Helpful
9
Replies

Csico 1812 on timico network

ramesys12
Level 1
Level 1

‎08-25-2006 07:21 AM

Hello everyone,

I posted this in the firewall forum I think it was not the right place to do so.

I am trying to forward pop3 to the same ip as the smtp server and it simply does not work can anyone pelase help.

SMTP works ok

HTTPS works ok

POP? does not work *************

** config attached **

cheers

Labels:
Preview file
40 KB
0 Helpful
9 Replies 9

mhankus
Level 1
Level 1

‎08-27-2006 12:32 PM

I'm not sure how the traffic flows, but one thing is for sure wrong. Take a look at your ACL 105. Last entries int it look like this:

access-list 105 deny ip host 0.0.0.0 any log

access-list 105 permit icmp host 195.54.228.153 host 1.1.1.1 echo-reply log

access-list 105 deny ip any any log

access-list 105 permit tcp any host 1.1.1.1 eq pop3

You must move last line a few entries up, so that it will have a chance to permit something, because, tight now no traffic can reach this line.

0 Helpful

ramesys12
Level 1
Level 1
In response to mhankus

‎08-29-2006 04:24 AM

you are an absolute star I knew I was missing out on something :)

I will make that change

the rotuer config is a bit confusing thansk to Timico :( there suggestion has resulted in the comlex routing and ACL

cheers

0 Helpful

raulzulueta
Level 1
Level 1
In response to ramesys12

‎08-28-2010 01:25 PM

How do I move access-list lines up. For example, my last line for access-lit 101 is deny ip any any .

I need to add a permit line but it keeps on showing up below the last deny ip any any line.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to raulzulueta

‎08-28-2010 01:35 PM

Hello,

You need to edit it using "ip access-list extended" command:

Step 1:

Issue "show access-list" command and note down the line number for the deny

statement.

example: show access-list 101

10 permit ip host 192.168.10.1 any

20 permit tcp any any eq www

30 deny ip any any

Here the line number is 30.

Step 2:

Insert the new line before the deny statement using "ip access-list

extended" command

example:

ip access-list extended 101

25 permit tcp any any eq https

show access-list 101

10 permit ip host 192.168.10.1 any

20 permit tcp any any eq www

25 permit tcp any any eq https

30 deny ip any any

Hope this helps.

Regards,

NT

0 Helpful

raulzulueta
Level 1
Level 1
In response to Nagaraja Thanthry

‎08-28-2010 02:00 PM

Yes that helps.

Thank you.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to raulzulueta

‎08-28-2010 02:12 PM

Hello,

Glad that it worked out for you. Please mark the question as answered so

somebody else can make use of the information in the future.

Regards,

NT

0 Helpful

raulzulueta
Level 1
Level 1
In response to Nagaraja Thanthry

‎08-28-2010 02:25 PM

I would be glad to mark is as correct. Where do I do that. It does not present itself. I

know I have done this before but I do not see the button to mark as correct answer

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to raulzulueta

‎08-28-2010 04:04 PM

Hello,

I guess when you are logged in, you can click on the stars below the rate

and also have an option to say if the answer posted helped you or not.

Regards,

NT

0 Helpful

marikakis
Level 7
Level 7
In response to raulzulueta

‎08-28-2010 04:30 PM

Hi,

It seems that you used 2 different accounts to respond to this thread. Only author can see the option of marking issue as resolved. You need to login with the identity you used for the original post.

Hope this helps,

Maria

0 Helpful
Customers Also Viewed These Support Documents