05-05-2009 06:44 PM - edited 03-11-2019 08:27 AM
I have a Linksys router and replaced it with a PIX unit. Since I replaced it I have had some problems with emails through Outlook. We use MDaemon for emails and it is configured on the server 10.1.1.10. Here is what I observed with emails and the problem:
10.1.1.10 - MDaemon software is installed on this mail server
11.12.13.14 is pointed to mail.testclient.com
Can see incoming/outgoing emails on the MDaemon server in user queues
Webmail works internally http://10.1.1.10:3000 and externally http://11.12.13.14:3000 and emails are successful
Webmail externally http://mail.testclient.com:3000 - accessible
Problem
Outlook internally when configured to mail.testclient.com - mails don't work. When configured to 10.1.1.10, mails work.
Outlook externally when configured to mail.testclient.com or 11.12.13.14 - mails don't work.
So for some reason I cannot access mail.testclient.com internally. Telnet to mail.testclient.com on port 25 and 110 are unsuccessful. However telnet to mail.testclient.com and 11.12.13.14 on port 25 and 110 are successful.
I ran some debugs and the output is below. 10.1.1.80 is one of the systems on the network.
debug packet outside src 11.12.13.14 dst 10.1.1.10 proto tcp both
debug packet inside src 10.1.1.80 dst 11.12.13.14 proto tcp both
-- IP --
10.1.1.80 ==> 11.12.13.14
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x30
id = 0xb8bd flags = 0x40 frag off=0x0
ttl = 0x80 proto=0x6 chksum = 0x1d16
-- TCP --
source port = 0xe95 dest port = 0x19syn
seq = 0x5709743a
ack = 0x0
hlen = 0x7 window = 0x7fff
checksum = 0x43a urg = 0x0
tcp options:
0x2 0x4 0x5 0xb4 0x1 0x1 0x4
0x2
--------- END OF PACKET ---------
I ran a packet capture but nothing was captured.
capture TEST access-list tac
access-list tac extended permit ip any host 10.1.1.10
access-list tac extended permit ip host 10.1.1.10 any
access-list tac extended permit ip any host 10.1.1.80
access-list tac extended permit ip host 10.1.1.80 any
But I can see the translation happening in xlate.
PAT Global 74.94.207.69(25) Local 10.1.1.10(25)
Can someone please suggest on this?
Thanks
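The hex fields in the debug packet output above can be decoded mechanically. The following Python parser is an added example, not part of the thread or of any Cisco tooling; the function names and the TCP flag names other than `syn` are assumptions.

```python
import re
# Debug output copied verbatim from the post above.
SAMPLE = """\
-- IP --
10.1.1.80 ==> 11.12.13.14
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x30
id = 0xb8bd flags = 0x40 frag off=0x0
ttl = 0x80 proto=0x6 chksum = 0x1d16
-- TCP --
source port = 0xe95 dest port = 0x19syn
seq = 0x5709743a
ack = 0x0
hlen = 0x7 window = 0x7fff
checksum = 0x43a urg = 0x0
tcp options:
0x2 0x4 0x5 0xb4 0x1 0x1 0x4
0x2
--------- END OF PACKET ---------
"""
# Flag text is fused to the port ("0x19syn"); names other than "syn" are assumed.
FIELD = re.compile(r"([a-z]+(?: [a-z]+)?)\s*=\s*0x([0-9a-f]+?)"
                   r"((?:syn|ack|fin|rst|psh)*)(?=\s|$)")

def find_mss(opts):
    """Walk TCP option bytes (kind, length, data); return the MSS or None."""
    i = 0
    while i + 1 < len(opts) and opts[i] != 0:       # kind 0 ends the list
        kind, length = opts[i], opts[i + 1]
        if kind == 2 and length == 4 and i + 3 < len(opts):
            return opts[i + 2] << 8 | opts[i + 3]   # kind 2 = maximum segment size
        i += 1 if kind == 1 else max(length, 2)     # NOP has no length byte
    return None

def parse_debug_packet(text):
    pkt, section, opts = {}, None, []
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"-- (IP|TCP) --", line):
            section = m.group(1).lower()
        elif m := re.fullmatch(r"(\S+) ==> (\S+)", line):
            pkt["src"], pkt["dst"] = m.groups()
        elif line == "tcp options:":
            section = "opts"
        elif section == "opts":                     # option bytes; skips the END marker
            opts += [int(t, 16) for t in line.split() if t.startswith("0x")]
        else:
            for key, val, flags in FIELD.findall(line):
                pkt[f"{section}.{key}"] = int(val, 16)
                if flags:
                    pkt["tcp.flags"] = flags
    return {**pkt, "tcp.mss": find_mss(opts)}
```

For the packet in the post this gives destination port 25 (SMTP) with the SYN flag set, TTL 128 and MSS 1460, sent from 10.1.1.80 to 11.12.13.14.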
05-06-2009 05:49 AM
So mail.testclient.com is pointing to 11.12.13.14, which is the external (NAT) address on the PIX firewall.
Assuming that when you say internal you mean behind the inside of the PIX firewall, the problem is that inside users can't connect to 11.12.13.14. That's the IP they are connecting to when connecting to http://mail.testclient.com.
Since this is a (NAT) IP address on the outside interface on the PIX, it's only accessible when the traffic is coming from the outside.
A solution is to use a different URL for internal users and point that to the internal address.
What kind of NAT configuration are you using?
Btw, I don't follow you here?
So for some reason I cannot access mail.testclient.com internally. Telnet to mail.testclient.com on port 25 and 110 are unsuccessful. However telnet to mail.testclient.com and 11.12.13.14 on port 25 and 110 are successful.
Do you mean it's not working internally but it is when you're connecting from the outside?