Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Access to Microsoft SMTP server breaks via my Cisco 837

Hi

I cannot authenticate with my Microsoft SMTP server when traffic flows through my 837 router.

I've found the 'no fixup protocol smtp 25' command, which seems only to be appropriate for PIX.

Is there an equivalent for my router?

Any info much appreciated.

Thanks

Gareth

6 REPLIES
Gold

Re: Access to Microsoft SMTP server breaks via my Cisco 837

are you using outlook trying to connect exchange server from the internet? if so, you need to configure an acl permitting tcp port 143 as well as a static statement.

e.g.

ip nat inside source static tcp 143 143

access-list 111 permit tcp any host eq 143

however, may i suggest that this setup is not very secure. i would either setup remote vpn access on the router (remote user connect to exchange server via ipsec tunnel) or setup owa.

New Member

Re: Access to Microsoft SMTP server breaks via my Cisco 837

Hi Guys

Thanks for the messages. I'm collecting email via POP3 from Outlook clients, which works fine, it's the authentication for outgoing SMTP that fails. Relaying through a server that requires no authentication works fine.

I've got...

ip inspect name DEF-INSPECT smtp

... and on my dialer....

ip inspect DEF-INSPECT out

I'm a bit of a newbie, sorry if this post is unclear.

New Member

Re: Access to Microsoft SMTP server breaks via my Cisco 837

Just try to remove the ip insect name DEF-INSPECT smtp command and test if it works..

Vincent

New Member

Re: Access to Microsoft SMTP server breaks via my Cisco 837

Hi Vincent

Thanks for the reply. I'll give that a try.

If I telnet to my mailserver on port 25 that sits on the internet, and issue a command that isn't (HELO, MAIL, RCPT, DATA, RSET, NOOP or QUIT), I should just see an 'OK' yeah?

Once I remove the "ip insect name DEF-INSPECT smtp" command, I should get no OK message when I issue commands that are not part of the above set (RFC821)?

Thanks

Gareth

New Member

Re: Access to Microsoft SMTP server breaks via my Cisco 837

Hi,

Assuming you are running an IOS firewall image and have CBAC setup, you should look for the following:

-ip inspect name anyname smtp timeout 3600

This would also require the inspection named 'anyname' applied to the inside interface.

interface Ethernet0/0

ip inspect anyname in

..

Simply entering 'no ip inspect name anyname smtp' turns of SMTP inspection.

If you are not running above setup my best quess is that you are hitting an ACL or a NAT issue as described by jacko.

Vincent

Silver

Re: Access to Microsoft SMTP server breaks via my Cisco 837

I came across a similar problem last week, looking through the forum i found out that there is a bug on certain versions of IOS that prevents exteral hosts accessing internal when running CBAC (ip inspect).

This may not be relevant to you but might be worth a look

Have a look here:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=

General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.eeaac1

1/0#selected_message

and here:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec78231&Submit=Search

HTH

Paddy

161
Views
0
Helpful
6
Replies
CreatePlease to create content