cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
498
Views
4
Helpful
2
Replies

Mail server not accessible through domain name from Inside network

edwardwaithaka
Level 1
Level 1

Hi,

I have the following problem;

I have installed an ASA firewall on my Internet perimeter which protects our users and mail server.

The mail server is now not accessible through the web browser (mail.ourdomain.com). I have allowed all the necessary ports (25, 110, 80) and static PAT to the ports.

The mail server has the same public IP address as the Firewall outside interface.

I have also tried DNS docturing to no avail.

What am I missing?

access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x object-group MAIL_SERVICES log

access-list IF_OUTSIDE_IN extended permit tcp any host x.x.x.x eq www

access-list IF_OUTSIDE_IN extended permit icmp any any object-group ICMP_SERVICES

MAIL_SERVICES = 25, 110

interface Ethernet0/0

nameif IF_OUTSIDE

security-level 0

ip address x.x.x.x 255.255.255.248

mail.ourdomain.com = x.x.x.x

global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1 0.0.0.0 0.0.0.0

static (IF_INSIDE,IF_OUTSIDE) tcp interface pop3 y.y.y.y pop3 netmask 255.255.255.255

static (IF_INSIDE,IF_OUTSIDE) tcp interface smtp y.y.y.y smtp netmask 255.255.255.255

static (IF_INSIDE,IF_OUTSIDE) tcp interface www y.y.y.y www netmask 255.255.255.255 dns

y.y.y.y = Mail server Private

2 Replies 2

edwardwaithaka
Level 1
Level 1

Forgot to mention, Mail server can't send or receive mail to the world.

Users can browse the Internet using;

nat-control

global (IF_OUTSIDE) 1 interface

nat (IF_INSIDE) 1 0.0.0.0 0.0.0.0

I would start from the beginning, if the MX record really points to x.x.x.x by ping mail.yourdomain.com . You permitted ICMP so you should get replies.

A sanitized config of ASA would be really helpfull.

Review Cisco Networking for a $25 gift card