Description : connected to My ISP Router FOR INTERNET Connection. .
IP Address of this Interface : 188.8.131.52 / 255.255.255.248
2. Fast Ethernet 0 /1 :-
Description : connected to My Cisco Switch For Connect devices
IP Address of this Interface : 184.108.40.206 / 255.255.255.248.
The Access List which implemented on it : ip access-group 103 out
The IP Schema for My Company which the ISP Has assign it to me was the following :-
< First Network > :-
Which is assign only to the Interface F0/0 :-
< 220.127.116.11 ? UP TO 18.104.22.168 >
< Second Network >
Which is assign only to the Interface F0/1 :-
< 22.214.171.124 ? UP TO 126.96.36.199 > .
The Route for My traffic is < IP Route 0.0.0.0 0.0.0.0 188.8.131.52 > .
The Cable which is getting out from Interface F 0 / 1, is plugged in UNMANAGED Switch in Port 2 to connect other devices with Network 2 like My Firewall and MY CEO PC under real IP as well .
The FIREWALL Called Fortigate and its configuration as following:-
First Nic :-
IP : 184.108.40.206
SM : 255.255.255.248
GW : 220.127.116.11.
IP Address : 192.168.1.00
SM : 255.255.255.0
All the Users in My LAN Configured to use the FW as NAT , and all of them are configured with it?s as GATEWAY.
Our E-mail Server is Hosted Out side, and we are using the POP3 & SMTP to access it. We do not have exchange server at all,
POP3 : 18.104.22.168
SMTP : 22.214.171.124
There is No any Restriction at all on the Firewall to disable any traffic or stop any thing at all, and every thing is Open in the Inbound & Outbound interfaces on the Firewall.
1 PC is located not behind the firewall at all, but they are located behind the Interface F 0 / 1 .
The setting of this PC as following :-
< IP : 126.96.36.199 ? SM : 255.255.255.248 ? GW : 188.8.131.52 ? DNS : 184.108.40.206 > .
This User is reported to me that, he is unable to download his E-mails through POP3, but able to send using SMTP.
All the other users who using Firewall, able to send and receive using POP3 & SMTP without any Problem at all.
He is only the one who have this Problem.
Even if I change the IP and put any other IP from the Second Network, we found the same Problem.
The Access List as following :-
access-list 103 permit tcp any host 220.127.116.11 eq smtp.
access-list 103 permit tcp any host 18.104.22.168 eq pop3.
access-list 1 permit 22.214.171.124 0.0.0.7.
access-list 1 permit 126.96.36.199 0.0.0.7.
access-list 103 permit ip any any.
if you look to the first access list, it meaning like that :
The Router have an extended access list called 103, to permit the TCP Protocol, on Port 25 from any source to this Destination 188.8.131.52 only, as if the POP3 Server & SMTP Server is 184.108.40.206. while this is not the situation at all.
And the same but for POP3.
And I open every thing on Protocol IP From any where to any where .
1- Now, could be the Problem of this user who is using Real IP behind Interface F 0 /1 , the first access list ?
Because its only open smtp for this host only 220.127.116.11 , which is MY FIREWALL ?
Could it be ?
But in the same time, I enable or I open every thing on this access list , so I am getting confused .
2- what will happen if I wrote a special Access-list to enable only this IP like that :-
Access-list 103 permit tcp host 18.104.22.168 any eq SMTP
Access-list 103 Permit tcp host 22.214.171.124 any eq POP3.
3- or should I wrote an access-list to open the POP3 Server which is 126.96.36.199 to this user only like that :-
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
moquery usageAPIC moquerySwitchmoquery
This document discuss a common issue observed during the VMM integration & VM workload migration to ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...