
How to Access External mail server via PIX

shabiersayed
Level 1

Hi,

My setup goes like this: Internal(100.x.x.101)---proxy---firewall---router---Internet---ISP (MAIL Server - 212.xxx.xxx.40). If I want to access my e-mails located at the ISP, what protocols should I allow apart from SMTP and POP3? If anybody has the same setup, please help me out.

3 Replies

Patrick Iseli
Level 7

I do not have exactly the same setup as you, but you need to let the smtp protocol pass to send messages and pop3 to get them, depending on your ISP.

Check your provider's web site; they might also support pops with SSL (encrypted pop3 traffic) = TCP/995, or imap, or imaps = TCP/993.

Be sure that your workstations that are using mail have a default gateway. A proxy-only config does not need a gateway for browsing the internet, which is really good from the security point of view.

I suppose that the proxy server is on the same network as your clients!

Example:

PIX(config)# access-list acl-inside permit tcp host ProxyServer any eq http
PIX(config)# access-list acl-inside permit tcp host ProxyServer any eq https
PIX(config)# access-list acl-inside permit tcp host ProxyServer any eq ftp
PIX(config)# access-list acl-inside permit tcp InternalNetwork InternalSubnetMask host 212.xxx.xxx.40 eq pop3
PIX(config)# access-list acl-inside permit tcp InternalNetwork InternalSubnetMask host 212.xxx.xxx.40 eq smtp
PIX(config)# access-group acl-inside in interface inside

Does your proxy server support protocols other than http, https or ftp?

sincerely

Patrick

Dear Patrick,

PIX(config)# access-list acl-inside permit tcp host ProxyServer any eq http
PIX(config)# access-list acl-inside permit tcp host ProxyServer any eq https
PIX(config)# access-list acl-inside permit tcp host ProxyServer any eq ftp
PIX(config)# access-list acl-inside permit tcp InternalNetwork InternalSubnetMask host 212.xxx.xxx.40 eq pop3
PIX(config)# access-list acl-inside permit tcp InternalNetwork InternalSubnetMask host 212.xxx.xxx.40 eq smtp

I think by default everything is allowed from inside, and my default route shows to the internet router. Apart from this, do you think I need to add the above lines?

You are absolutely right, but how do you want to enforce that only hosts that use the Proxy Server can use http and https?

I supposed that you were enforcing that kind of policy.

Anyway, if you do not have an access-list on the inside interface, then everybody can access anything from the inside to the outside, and so you do not need to define or change the access-list.

sincerely

Patrick
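
The effect discussed in this thread, as an added example that is not part of any poster's reply: a small model of the acl-inside list once it is bound to the inside interface, showing which flows it permits and which fall to the implicit deny, compared with having no access-list at all. The addresses are constructed stand-ins for the thread's placeholders (ProxyServer, InternalNetwork, 212.xxx.xxx.40), and `permitted` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed stand-ins for the thread's placeholders (assumptions, not from the posts).
PROXY = "10.0.0.10"      # "ProxyServer"
INSIDE = "10.0.0.0/24"   # "InternalNetwork InternalSubnetMask"
MAIL = "203.0.113.40"    # stands in for 212.xxx.xxx.40
ANY = "0.0.0.0/0"
PORTS = {"http": 80, "https": 443, "ftp": 21, "pop3": 110, "smtp": 25}

# The acl-inside permit entries from the reply, as (source, destination, tcp port).
ACL_INSIDE = [
    (PROXY + "/32", ANY, PORTS["http"]),
    (PROXY + "/32", ANY, PORTS["https"]),
    (PROXY + "/32", ANY, PORTS["ftp"]),
    (INSIDE, MAIL + "/32", PORTS["pop3"]),
    (INSIDE, MAIL + "/32", PORTS["smtp"]),
]

def permitted(acl, src, dst, port):
    """Return True if the TCP flow is allowed out of the inside interface.
    acl=None models no access-group on inside: inside-to-outside is open.
    With an ACL applied, anything that matches no permit entry hits the
    implicit deny at the end of the list."""
    if acl is None:
        return True
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(src_net)
               and d in ipaddress.ip_network(dst_net)
               and port == dport
               for src_net, dst_net, dport in acl)

def audit(acl):
    """Check a fixed set of constructed flows against the given ACL."""
    client, web = "10.0.0.101", "198.51.100.7"   # constructed hosts
    flows = {
        "client pop3 to ISP": (client, MAIL, 110),
        "client smtp to ISP": (client, MAIL, 25),
        "client pop3s to ISP": (client, MAIL, 995),   # needs its own entry
        "client imaps to ISP": (client, MAIL, 993),   # needs its own entry
        "client direct http": (client, web, 80),      # must go via the proxy
        "client smtp to other host": (client, web, 25),
        "proxy http": (PROXY, web, 80),
    }
    return {name: permitted(acl, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, acl in (("acl-inside applied", ACL_INSIDE), ("no ACL", None)):
        print(label, audit(acl))
```

With the list applied, encrypted mail on TCP/995 or TCP/993 is dropped until matching permit lines are added, which is the price of forcing web traffic through the proxy.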
