Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1519
Views
0
Helpful
4
Replies

POP3 mail and PIX

tauseef
Level 1
Level 1

‎11-04-2001 06:56 AM - edited ‎02-20-2020 09:53 PM

Hi All,

I have a mail server on my LAN , PIX on the outside, and then the ROUTER and then the rest of the WORLD :).

The users can access Mail , send and receive mail , but when they try to log on to the mail server from their house Using outlook express, it says cannot connect to server,but surprisingly it can Ping the Public IP of the mail server from outside ...??

I am using access list and for the mail server have given as ...

access-list aclout permit tcp any host <public IP> eq smtp

also given

access-list aclout permit tcp any host <public IP> eq pop3

but nope .... any clues ....any one hearing ...

thanx in advance !

bye .

Tauseef

tauseef@cadgulf.com

0 Helpful
4 Replies 4

paland
Level 1
Level 1

‎11-04-2001 08:47 AM

When you say "when they try to log on to the mail server" are you talking login through smtp or pop3?

If smtp try turning off the smtp fixup as it doesn't allow the esmtp commands through (at least it didn't use to).

0 Helpful

paland
Level 1
Level 1
In response to paland

‎11-04-2001 08:48 AM

sorry to re-reply.

You might also try telnetting to the mailserver on ports 110 and 25 and seeing if you can connect.

0 Helpful

exigent
Level 1
Level 1

‎11-04-2001 10:10 AM

You have to use the private (LAN) IP address of the host not the public. You should have previously defined the one-to-one static mapping between the public and private IP in a STATIC statement.

Also, the original posting did not include that you meant Public IP. I think it is because it was between "< >" signs so maybe the web browser thought it was HTML code. I guess it's a question for Cisco's web masters.

Sincerely,

Alex Zaltsman

0 Helpful

elehman
Level 1
Level 1

‎11-09-2001 07:12 PM

Do you guys look at the TAC center or what? Please look at http://www.cisco.com/warp/public/110/mailserver_in.html. you need to have a static as well as an ACL, or a conduit opening pop3 and smtp INBOUND. It looks from above that you have it enabled outbound only.

For example:

access-list smtp permit tcp any host 209.164.3.5 eq smtp

static (inside,outside) 209.164.3.5 192.168.2.57 netmask 255.255.255.255

access-group smtp in interface outside

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card