Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

IP IOS firewall - open ports for mail

What are the commands to allow internal NAT users access to ports 25 and 110, so they can retrieve and send internet email? I am not very familiar with the firewall commands. I can send a copy of the router config if you need it.

It appears that my users are setup through access-list 1 to browse, but I don't know exactly how to allow them to use the above listed ports.

Thanks,

john weldin

jweldin@focusbsi.com

2 REPLIES
New Member

Re: IP IOS firewall - open ports for mail

John,

Please provide your config. That would be helpful.

New Member

Re: IP IOS firewall - open ports for mail

!

hostname Cag_Intrnt

!

!

!

!

!

memory-size iomem 25

ip subnet-zero

ip name-server 198.6.1.122

ip name-server 198.6.1.142

!

ip inspect name firewall tftp

ip inspect name firewall ftp

ip inspect name firewall tcp

ip inspect name firewall udp

!

!

process-max-time 200

!

interface Loopback0

ip address 65.217.218.225 255.255.255.240

no ip directed-broadcast

ip nat outside

!

interface Serial0

description Link to Internet

no ip address

no ip directed-broadcast

encapsulation frame-relay IETF

cdp enable

frame-relay lmi-type cisco

!

interface Serial0.1 point-to-point

ip unnumbered FastEthernet0

ip access-group 101 in

no ip directed-broadcast

ip nat outside

frame-relay interface-dlci 126 IETF

!

interface Serial0.2 point-to-point

no ip directed-broadcast

!

interface FastEthernet0

ip address 10.10.1.2 255.255.0.0

ip access-group 102 in

no ip directed-broadcast

ip nat inside

!

router eigrp 1

redistribute static

network 10.0.0.0

default-metric 10000 100 255 1 1500

no auto-summary

!

ip nat pool cagles 65.217.218.227 65.217.218.236 netmask 255.255.255.240

ip nat inside source list 1 pool cagles overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0.1

ip route 65.217.218.224 255.255.255.240 Null0

ip route 192.168.0.0 255.255.255.0 FastEthernet0

ip route 192.168.25.0 255.255.255.0 10.10.1.1

no ip http server

!

access-list 1 permit 192.168.10.98

access-list 1 permit 10.10.9.9

access-list 1 permit 10.10.1.1

access-list 1 permit 130.38.91.11

!

line con 0

password 7 0205055C07031C70151A5C

login

transport input none

line aux 0

password 7 094F4F0E15000443525851

login

line vty 0 4

access-class 101 in

password 7 1414130C0001397A7D7C66

login

!

end

299
Views
0
Helpful
2
Replies
CreatePlease to create content