I have a basic small business setup: internet, firewall with inside, outside, dmz interfaces, and intranet including a router for subnets. I've attached the config file that I was helped with by members of the forum a few months back. (I'm not an expert). I've changed the ip addresses.
So I've finally got people on inside seeing internet and internet seeing our web server on dmz, but no mail is getting to our email server on dmz.
The static (inside,dmz) statements are so I will know who on the inside is accessing our server - maybe there is a better way but I think that is working.
Our email/web server is 10.10.2.21. We have a DNS server on the inside intranet 10.10.1.21. Our ISP DNS servers are 126.96.36.199 and .13.
In the logs, I've not found errors for smtp or pop3 specifically, but have seen the following errors:
Your static statement: I don't have a public_IP for the server - just the outside interface. I will assume you did mean the public_ip for the outside interface. Also, people outside can connect to the webserver which is the same box as the email server. Not sure if I made this clear - but I will try your static statement.
For an ACL, I will try this:
access-list dmz_int extended permit tcp host 10.10.2.21 any eq smtp
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :