Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

need urgent response please

I have a problem with my company network.

We have a class c network 192.168.1.0 the company wants the 192.168.1.64 -192.168.1.96 address space (executives) to have full internet connectivity while limiting other users access only to smtp and pop3.I configured the following lists and port address translation. The executives where able to access the internet but other users were not able to send mail with smtp or pop3.

access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq smtp

access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq pop3

access-list 101 permit ip 192.168.1.64 0.0.0.31 any

However if if i change the users ip address to one of the executives and access the internet and then change it back to the same address they areable to send mail trough smtp or pop3

Iwantthe executives to access the internet and at the same time ordinary users to omly send mail with smtp and pop3

I need help

1 REPLY
Silver

Re: need urgent response please

What DNS servers do the clients use? If they are not on the local subnet, then the mail client might depend on DNS to resolve the mail server hostnames to IP addresses, and that could be the problem.

A good way to test is to add:

access-list 101 deny ip host test.host.ip.address any log

Where test.host.ip.address is your test PC. Open the mail client, and wait for it to timeout/report the error. Then look at the log.

96
Views
0
Helpful
1
Replies
CreatePlease login to create content