Access-List Critical Situation - Urgent Help is required
I have a Cisco 1841 router for internet.
It has 2 interfaces, as follows :-
1. Fast Ethernet 0/0 :-
Description : connected to my ISP router for internet connection.
IP Address of this Interface : 126.96.36.199 / 255.255.255.248
2. Fast Ethernet 0/1 :-
Description : connected to My Cisco Switch For Connect devices
IP Address of this Interface : 188.8.131.52 / 255.255.255.248.
The access list which is implemented on it : ip access-group 103 out
The IP scheme for my company, which the ISP has assigned to me, was the following :-
< First Network > :-
Which is assigned only to the Interface F0/0 :-
< 184.108.40.206 - UP TO 220.127.116.11 >
< Second Network >
Which is assigned only to the Interface F0/1 :-
< 18.104.22.168 - UP TO 22.214.171.124 > .
The Route for My traffic is < IP Route 0.0.0.0 0.0.0.0 126.96.36.199 > .
The cable coming out of interface F0/1 is plugged into port 2 of an UNMANAGED switch to connect other devices with Network 2, like my firewall and my CEO PC, under real IP as well.
The firewall is called Fortigate and its configuration is as follows :-
First Nic :-
IP : 188.8.131.52
SM : 255.255.255.248
GW : 184.108.40.206.
IP Address : 192.168.1.00
SM : 255.255.255.0
All the users in my LAN are configured to use the FW as NAT, and all of them are configured with it as their gateway.
Our e-mail server is hosted outside, and we are using POP3 & SMTP to access it. We do not have an Exchange server at all.
POP3 : 220.127.116.11
SMTP : 18.104.22.168
There is no restriction at all on the firewall to disable any traffic or stop anything at all, and everything is open on the inbound & outbound interfaces of the firewall.
One PC is not located behind the firewall at all; it is located behind interface F0/1.
The settings of this PC are as follows :-
< IP : 22.214.171.124 - SM : 255.255.255.248 - GW : 126.96.36.199 - DNS : 188.8.131.52 > .
This user reported to me that he is unable to download his e-mails through POP3, but is able to send using SMTP.
All the other users, who are using the firewall, are able to send and receive using POP3 & SMTP without any problem at all.
He is the only one who has this problem.
Even if I change the IP and put any other IP from the Second Network, we find the same problem.
The access list is as follows :-
access-list 103 permit tcp any host 184.108.40.206 eq smtp
access-list 103 permit tcp any host 220.127.116.11 eq pop3
access-list 1 permit 18.104.22.168 0.0.0.7
access-list 1 permit 22.214.171.124 0.0.0.7
access-list 103 permit ip any any
If you look at the first access list, it means this :
The router has an extended access list called 103, which permits the TCP protocol on port 25 from any source to this destination 126.96.36.199 only, as if the POP3 server & SMTP server were 188.8.131.52, while this is not the situation at all.
And the same, but for POP3.
And I opened everything on protocol IP from anywhere to anywhere.
1- Now, could the problem of this user, who is using a real IP behind interface F0/1, be the first access list?
Because it only opens SMTP for this host only, 184.108.40.206, which is MY FIREWALL?
Could it be?
But at the same time, I enabled, or opened, everything on this access list, so I am getting confused.
2- What will happen if I write a special access list to enable only this IP, like this :-
access-list 103 permit tcp host 220.127.116.11 any eq smtp
access-list 103 permit tcp host 18.104.22.168 any eq pop3
3- Or should I write an access list to open the POP3 server, which is 22.214.171.124, to this user only, like this :-
Re: Access-List Critical Situation - Urgent Help is required
Simplify your configuration: remove all ACLs on the router for testing purposes and then try to use POP from your CEO PC. If it works, then you know it is one of your ACLs. If not, then you have to contact your ISP. This is the fastest approach for you....
Another thing: try to use another PC instead of your CEO PC to eliminate the possibility of a PC problem.
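Added example, not part of either post: a small first-match evaluator for an extended ACL with the same shape as list 103 above, run against mail replies leaving F0/1 toward the PC. The addresses are constructed documentation-range stand-ins, and the names Ace, Packet and evaluate are hypothetical.

```python
import ipaddress
from collections import namedtuple

# Simplified model of extended-ACL entries: protocol, source, destination, optional dest port.
Ace = namedtuple("Ace", "action proto src dst dport")
Packet = namedtuple("Packet", "proto src dst sport dport")

ANY = ipaddress.ip_network("0.0.0.0/0")

def host(ip):
    """Equivalent of the 'host x.x.x.x' keyword: a /32 match."""
    return ipaddress.ip_network(ip + "/32")

def evaluate(acl, pkt):
    """Return (action, entry index) for the first matching entry, top down.
    A packet that matches no entry hits the implicit deny at the end of the list."""
    for i, ace in enumerate(acl):
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if ipaddress.ip_address(pkt.src) not in ace.src:
            continue
        if ipaddress.ip_address(pkt.dst) not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, i
    return "deny", None

# Constructed stand-in addresses (documentation ranges), not the thread's real ones.
FIREWALL, PC, MAIL = "203.0.113.2", "203.0.113.3", "198.51.100.25"

# Same shape as list 103 in the post (access-list 1 is a separate list and is omitted).
ACL_103 = [
    Ace("permit", "tcp", ANY, host(FIREWALL), 25),    # ... any host <fw> eq smtp
    Ace("permit", "tcp", ANY, host(FIREWALL), 110),   # ... any host <fw> eq pop3
    Ace("permit", "ip", ANY, ANY, None),              # permit ip any any
]

# "out" on F0/1 filters packets leaving the router toward the switch,
# i.e. the mail server's replies on their way to the PC (source port 110 or 25).
POP3_REPLY = Packet("tcp", MAIL, PC, 110, 50000)
SMTP_REPLY = Packet("tcp", MAIL, PC, 25, 50001)

if __name__ == "__main__":
    for name, pkt in (("pop3 reply", POP3_REPLY), ("smtp reply", SMTP_REPLY)):
        print(name, evaluate(ACL_103, pkt), "| without last entry:", evaluate(ACL_103[:2], pkt))
```

In this model both replies fall through to the final `permit ip any any`, and with that entry removed both would hit the implicit deny, so the list treats POP3 and SMTP replies to the PC identically.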