cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

487
Views
0
Helpful
5
Replies
saeedccie
Beginner

Pix 501: POP Issue

Hi,

I'm having one small issue with my Pix 501 6.3(5) firewall, I have configured these Acls.....

Pix(config)# access-list LIVE_SMTP permit tcp any host x.x.x.x eq 25

Pix(config)# access-group LIVE_SMTP in interface outside

Pix(config)# access-list LIVE_POP permit tcp any host x.x.x.x eq 110

Pix(config)# access-group LIVE_POP in interface outside

The issue is email server is sending emails that are OK but not receving any emails.

Please tell me what is the issue, is there any fixup for pop or there is some other issue for receving. My email server is directly connected to the firewall with natting.

Regards,

Saeed

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Saeed,

Thats good....

Well yu can only apply one acl on an interface in one particular direction, you had two acl's:

Pix(config)# access-list LIVE_SMTP permit tcp any host x.x.x.x eq 25

Pix(config)# access-group LIVE_SMTP in interface outside

Pix(config)# access-list LIVE_POP permit tcp any host x.x.x.x eq 110

Pix(config)# access-group LIVE_POP in interface outside

So when you typed the second ACL, it replaced the first ACL.

You can add as many ACL's but with the same name.

To allow ping traffic, you would need the following config:

access-list MAIL_TRAFFIC extended permit icmp any any

and it should ping after that.

Hope this helps.

Do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

5 REPLIES 5
varrao
Advocate

Hi Saeed,

The ACL's are not correct, only one ACL can be applied in one direction, use this:

Pix(config)# access-list MAIL_TRAFFIC permit tcp any host x.x.x.x eq 25

Pix(config)# access-list MAIL_TRAFFIC permit tcp any host x.x.x.x eq 110

Pix(config)# access-group MAIL_TRAFFIC in interface outside

It should work after this.

Hope this helps.

Do Rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

Really thanks and working fine now.

But tell me what is the issue with my ACL that applied?

Also can you please tell me how can i enable icmp(ping) traffic to my virtual IP that associated with my email server.

I mean this IP: 110.34.33.123

Regards,

Saeed

Hi Saeed,

Thats good....

Well yu can only apply one acl on an interface in one particular direction, you had two acl's:

Pix(config)# access-list LIVE_SMTP permit tcp any host x.x.x.x eq 25

Pix(config)# access-group LIVE_SMTP in interface outside

Pix(config)# access-list LIVE_POP permit tcp any host x.x.x.x eq 110

Pix(config)# access-group LIVE_POP in interface outside

So when you typed the second ACL, it replaced the first ACL.

You can add as many ACL's but with the same name.

To allow ping traffic, you would need the following config:

access-list MAIL_TRAFFIC extended permit icmp any any

and it should ping after that.

Hope this helps.

Do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

Really thanks.

One of the wonderful support community.

Regards,

Saeed

Thanks a lot Saeed for your appreciation

Varun

Thanks,
Varun Rao