Showing results for 
Search instead for 
Did you mean: 


How does CBAC work with POP3 traffic?

Hi guys,

I have an ISR 2811 which acts as Internet Gateway. This router has a primary Internet connection through a Fast Ethernet interface and a secondary through an ADSL interface. This router has been configured for inbound & outbound IP inspection  on both WAN interfaces. The same inbound Access List has already been in place on two WAN interfaces permitting only http/https inbound traffic to our web servers and denying all other inbound traffic. All outbound traffic is permitted as well through this router. I have also already configured Policy based routing on this router with a relevant route policy, pushing the outbound traffic from a specific X IP address through the secondary ADSL link and not through the primary Ethernet link that the other Intranet users use as the primary Internet path. There is also a static PAT for this X IP address, which use the public IP address of the associated dialer of the ADSL interface.

What is the problem now? When the user (X IP Address) tries to connect to a public POP3/SMTP Server, never get the connection established. When the same user is routed through the Ethernet interface (PBR disabled) the relevant POP3 connection is fine. Again with the PBR enabled when the same user makes a telnet connection in port 25 on the same public Server, the connection is fine. Trying to telnet on 110 port the connection is failed. From the log messages I noticed that the POP3 connection never get established because the returned traffic is blocked from the inbound WAN access list on ADSL interface. However I cannot understand the reason! Please note again that the two WAN interfaces has the same characteristics regarding the CBAC and ACLs. The only difference is the PAT on the secondary interface. Also note that the X IP Address has unlimited outbound Internet connection and everything works fine except the POP3 traffic.

Can anyone confirm that  POP3 traffic should work fine, or is something going on here with CBAC and PAT enabled.

Thank you in advance for any relevant answer!

Content for Community-Ad