PIX-ACL

Hello All,

I have set up a mail server behind a PIX firewall; internally the mail server works fine. The only problem is from outside. The following is the ACL configured on the PIX:

access-list 200 extended permit tcp any eq pop3 host xx.xx.xx.xx eq pop3

access-list 200 extended permit tcp any eq smtp host xx.xx.xx.xx eq smtp

where xx.xx.xx.xx is the private IP address of the mail server.

Is this rule enough for running a mail server behind the firewall, and does this rule seem correct?

NAT translation has also been configured correctly.

Thanks,

Dhaval Tandel

Accepted Solutions

Re: PIX-ACL

Hi Dhaval.

Source port should not be pop3. This should be your inbound access-list on the outside interface.

access-list 200 extended permit tcp any host xx.xx.xx.xx eq pop3

access-list 200 extended permit tcp any host xx.xx.xx.xx eq smtp

xx.xx.xx.xx should be the public IP of the server if it should be accessed through the Internet. Then use the "static" command to translate the server's private IP to the public IP.

Regards,

John
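
The source-port mistake corrected in the reply above can be checked for mechanically. The following Python check is an added example, not part of the thread or of any Cisco tool: it parses `access-list ... extended` TCP/UDP entries and flags permits that constrain the source port. The function names and the simplified grammar (addresses as `any`, `host <ip>` or `<ip> <mask>`; port operators `eq`, `lt`, `gt`, `neq`, `range`) are assumptions, and the sample config is constructed from the entries quoted in this thread.

```python
# Added example: flag PIX extended ACL permits that pin the SOURCE port.
# Clients connect from an ephemeral source port, so "any eq pop3 ..." never
# matches a real inbound session. Assumed grammar: no object-groups or "log".
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}

def _take_addr(tok, i):
    """Consume 'any', 'host <ip>' or '<ip> <mask>' starting at tok[i]."""
    if tok[i] == "any":
        return "any", i + 1
    return tok[i] + " " + tok[i + 1], i + 2

def _take_port(tok, i):
    """Consume an optional port operator; return (None, i) if absent."""
    if i < len(tok) and tok[i] in PORT_OPS:
        end = i + 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:end]), end
    return None, i

def parse_ace(line):
    """Parse one 'access-list <id> extended ...' TCP/UDP entry, else None."""
    tok = line.split()
    if (len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended"
            or tok[4] not in ("tcp", "udp")):
        return None
    try:
        src, i = _take_addr(tok, 5)
        sport, i = _take_port(tok, i)
        dst, i = _take_addr(tok, i)
        dport, i = _take_port(tok, i)
    except IndexError:  # truncated or unsupported entry
        return None
    return {"acl": tok[1], "action": tok[3], "proto": tok[4],
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def source_port_findings(config):
    """Return (line_no, source_port, dest_port) for each suspicious permit."""
    hits = []
    for n, line in enumerate(config.splitlines(), 1):
        ace = parse_ace(line.strip())
        if ace and ace["action"] == "permit" and ace["sport"]:
            hits.append((n, ace["sport"], ace["dport"]))
    return hits

# Constructed sample: the two entries from the question, then the two from the reply.
SAMPLE = """\
access-list 200 extended permit tcp any eq pop3 host xx.xx.xx.xx eq pop3
access-list 200 extended permit tcp any eq smtp host xx.xx.xx.xx eq smtp
access-list 200 extended permit tcp any host xx.xx.xx.xx eq pop3
access-list 200 extended permit tcp any host xx.xx.xx.xx eq smtp
"""
```

Calling `source_port_findings(SAMPLE)` reports the first two lines and leaves the corrected entries unflagged.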

Re: PIX-ACL

Hello JOHN

Thanks,

I resolved my issue.

Thanks

Dhaval Tandel
