Description : connected to my ISP router for the Internet connection.
IP Address of this Interface : 22.214.171.124 / 255.255.255.248
2. Fast Ethernet 0/1 :-
Description : connected to my Cisco switch to connect devices
IP Address of this Interface : 126.96.36.199 / 255.255.255.248
The access list which is implemented on it : ip access-group 103 out
The IP schema for my company which the ISP has assigned to me is the following :-
< First Network > :-
Which is assigned only to the interface F0/0 :-
< 188.8.131.52 - UP TO 184.108.40.206 >
< Second Network >
Which is assigned only to the interface F0/1 :-
< 220.127.116.11 - UP TO 18.104.22.168 >
The route for my traffic is < IP Route 0.0.0.0 0.0.0.0 22.214.171.124 >.
The cable which comes out of interface F0/1 is plugged into an unmanaged switch on port 2 to connect other devices on network 2, like my firewall and my CEO's PC, under real IPs as well.
The firewall is a Fortigate and its configuration is as follows :-
First Nic :-
IP : 126.96.36.199
SM : 255.255.255.248
GW : 188.8.131.52.
IP Address : 192.168.1.00
SM : 255.255.255.0
All the users in my LAN are configured to use the FW as NAT, and all of them are configured with it as gateway.
Our e-mail server is hosted outside, and we are using POP3 & SMTP to access it. We do not have an Exchange server at all.
POP3 : 184.108.40.206
SMTP : 220.127.116.11
There is no restriction at all on the firewall to disable any traffic or stop anything, and everything is open on the inbound & outbound interfaces of the firewall.
1 PC is not located behind the firewall at all, but is located behind interface F0/1.
The settings of this PC are as follows :-
< IP : 18.104.22.168 - SM : 255.255.255.248 - GW : 22.214.171.124 - DNS : 126.96.36.199 >
This user reported to me that he is unable to download his e-mails through POP3, but is able to send using SMTP.
All the other users who use the firewall are able to send and receive using POP3 & SMTP without any problem at all.
He is the only one who has this problem.
Even if I change the IP and put any other IP from the second network, we find the same problem.
The access list is as follows :-
access-list 103 permit tcp any host 188.8.131.52 eq smtp
access-list 103 permit tcp any host 184.108.40.206 eq pop3
access-list 1 permit 220.127.116.11 0.0.0.7
access-list 1 permit 18.104.22.168 0.0.0.7
access-list 103 permit ip any any
If you look at the first access list, it means the following :
The router has an extended access list called 103, to permit the TCP protocol on port 25 from any source to this destination 22.214.171.124 only, as if the POP3 server & SMTP server is 126.96.36.199, while this is not the situation at all.
And the same but for POP3.
And I open everything on protocol IP from anywhere to anywhere.
1- Now, could the problem of this user, who is using a real IP behind interface F0/1, be the first access list ?
Because it only opens SMTP for this host only, 188.8.131.52, which is my firewall ?
Could it be ?
But at the same time, I enable or open everything on this access list, so I am getting confused.
2- What will happen if I write a special access-list to enable only this IP, like this :-
access-list 103 permit tcp host 184.108.40.206 any eq smtp
access-list 103 permit tcp host 220.127.116.11 any eq pop3
3- Or should I write an access-list to open the POP3 server, which is 18.104.22.168, to this user only, like this :-
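As an added example (not part of the post above), the following script applies IOS first-match ACL evaluation to the five numbered access-list lines quoted in the post, and checks a constructed POP3 server reply as it leaves F0/1 where `ip access-group 103 out` applies. The addresses are the ones given in the post; the client's ephemeral port 50000 and the contiguous-wildcard assumption are mine.

```python
import ipaddress

# Constructed: the numbered IOS access-list lines quoted in the post, trailing periods removed.
ACL_TEXT = """
access-list 103 permit tcp any host 188.8.131.52 eq smtp
access-list 103 permit tcp any host 184.108.40.206 eq pop3
access-list 1 permit 220.127.116.11 0.0.0.7
access-list 1 permit 18.104.22.168 0.0.0.7
access-list 103 permit ip any any
"""
PORT_NAMES = {"smtp": 25, "pop3": 110}
ANY = ipaddress.ip_network("0.0.0.0/0")

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' (contiguous wildcard assumed)."""
    tok = tokens.pop(0)
    if tok == "any": return ANY
    if tok == "host": return ipaddress.ip_network(tokens.pop(0) + "/32")
    wild = int(ipaddress.ip_address(tokens.pop(0)))
    base = ipaddress.ip_address(int(ipaddress.ip_address(tok)) & ~wild & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{base}/{32 - wild.bit_length()}")

def _port(tokens):  # consume an optional 'eq <name|number>'; None means any port
    if not tokens or tokens[0] != "eq": return None
    tok = tokens[1].lower(); del tokens[:2]
    return PORT_NAMES.get(tok) or int(tok)

def parse_acl(text):
    """Group entries by list number in the order entered; a standard list (1-99) is read as 'ip SRC any'."""
    acls = {}
    for line in text.strip().splitlines():
        t = line.rstrip(".").split()
        num, action, rest = int(t[1]), t[2], t[3:]
        if num < 100: rest = ["ip"] + rest + ["any"]
        proto = rest.pop(0)
        src, sport, dst, dport = _addr(rest), _port(rest), _addr(rest), _port(rest)
        acls.setdefault(num, []).append((action, proto, src, sport, dst, dport))
    return acls

def evaluate(entries, proto, src, sport, dst, dport):
    """First match wins: return (action, 1-based entry index); the implicit trailing deny gives ('deny', None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, p, esrc, esport, edst, edport) in enumerate(entries, 1):
        if p in ("ip", proto) and s in esrc and d in edst and esport in (None, sport) and edport in (None, dport):
            return action, i
    return "deny", None

def pop3_reply_to_pc(with_catch_all=True):
    """POP3 server reply (source port 110) to the real-IP PC leaving F0/1; with_catch_all=False drops 'permit ip any any'."""
    entries = parse_acl(ACL_TEXT)[103]
    return evaluate(entries if with_catch_all else entries[:-1], "tcp", "184.108.40.206", 110, "18.104.22.168", 50000)

print(pop3_reply_to_pc(), pop3_reply_to_pc(with_catch_all=False))  # ('permit', 3) ('deny', None)
```

Entry 3 is the only one that matches the reply, because entries 1 and 2 only match packets whose destination is the listed host; without it the packet would hit the implicit deny at the end of the list.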