Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
0
Helpful
5
Replies

Pix 501: POP Issue

Go to solution
saeedccie
Level 1
Level 1

‎06-24-2011 02:45 AM - edited ‎03-11-2019 01:49 PM

Hi,

I'm having one small issue with my Pix 501 6.3(5) firewall, I have configured these Acls.....

Pix(config)# access-list LIVE_SMTP permit tcp any host x.x.x.x eq 25

Pix(config)# access-group LIVE_SMTP in interface outside

Pix(config)# access-list LIVE_POP permit tcp any host x.x.x.x eq 110

Pix(config)# access-group LIVE_POP in interface outside

The issue is email server is sending emails that are OK but not receving any emails.

Please tell me what is the issue, is there any fixup for pop or there is some other issue for receving. My email server is directly connected to the firewall with natting.

Regards,

Saeed

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10
In response to saeedccie

‎06-24-2011 03:15 AM

Hi Saeed,

Thats good....

Well yu can only apply one acl on an interface in one particular direction, you had two acl's:

Pix(config)# access-list LIVE_SMTP permit tcp any host x.x.x.x eq 25

Pix(config)# access-group LIVE_SMTP in interface outside

Pix(config)# access-list LIVE_POP permit tcp any host x.x.x.x eq 110

Pix(config)# access-group LIVE_POP in interface outside

So when you typed the second ACL, it replaced the first ACL.

You can add as many ACL's but with the same name.

To allow ping traffic, you would need the following config:

access-list MAIL_TRAFFIC extended permit icmp any any

and it should ping after that.

Hope this helps.

Do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful
5 Replies 5

Go to solution
varrao
Level 10
Level 10

‎06-24-2011 02:49 AM

Hi Saeed,

The ACL's are not correct, only one ACL can be applied in one direction, use this:

Pix(config)# access-list MAIL_TRAFFIC permit tcp any host x.x.x.x eq 25

Pix(config)# access-list MAIL_TRAFFIC permit tcp any host x.x.x.x eq 110

Pix(config)# access-group MAIL_TRAFFIC in interface outside

It should work after this.

Hope this helps.

Do Rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
saeedccie
Level 1
Level 1
In response to varrao

‎06-24-2011 03:05 AM

Hi Varun,

Really thanks and working fine now.

But tell me what is the issue with my ACL that applied?

Also can you please tell me how can i enable icmp(ping) traffic to my virtual IP that associated with my email server.

I mean this IP: 110.34.33.123

Regards,

Saeed

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to saeedccie

‎06-24-2011 03:15 AM

Hi Saeed,

Thats good....

Well yu can only apply one acl on an interface in one particular direction, you had two acl's:

Pix(config)# access-list LIVE_SMTP permit tcp any host x.x.x.x eq 25

Pix(config)# access-group LIVE_SMTP in interface outside

Pix(config)# access-list LIVE_POP permit tcp any host x.x.x.x eq 110

Pix(config)# access-group LIVE_POP in interface outside

So when you typed the second ACL, it replaced the first ACL.

You can add as many ACL's but with the same name.

To allow ping traffic, you would need the following config:

access-list MAIL_TRAFFIC extended permit icmp any any

and it should ping after that.

Hope this helps.

Do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
saeedccie
Level 1
Level 1
In response to varrao

‎06-24-2011 03:23 AM

Really thanks.

One of the wonderful support community.

Regards,

Saeed

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to saeedccie

‎06-24-2011 03:26 AM

Thanks a lot Saeed for your appreciation

Varun

Thanks,
Varun Rao
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card