09-23-2006 10:22 AM
Dear All,
I have a Cisco 1841 router for internet.
It has 2 interfaces as follows:
1. Fast Ethernet 0/0:
Description: connected to my ISP router for the internet connection.
IP address of this interface: 213.255.237.109 / 255.255.255.248
2. Fast Ethernet 0/1:
Description: connected to my Cisco switch to connect devices.
IP address of this interface: 213.255.237.113 / 255.255.255.248
The access list implemented on it: ip access-group 103 out
The IP scheme for my company which the ISP has assigned to me is the following:
< First Network >:
Which is assigned only to the interface F0/0:
< 213.255.237.104 up to 213.255.237.111 >
< Second Network >
Which is assigned only to the interface F0/1:
< 213.255.237.112 up to 213.255.237.119 >
The route for my traffic is < ip route 0.0.0.0 0.0.0.0 213.255.237.105 >.
The cable coming out of interface F0/1 is plugged into port 2 of an UNMANAGED switch to connect other devices in Network 2, like my firewall and my CEO's PC, which also uses a real IP.
The firewall is a Fortigate and its configuration is as follows:
First NIC:
IP: 213.255.237.116
SM: 255.255.255.248
GW: 213.255.237.113
Second NIC:
IP address: 192.168.1.00
SM: 255.255.255.0
All the users in my LAN are configured to use the FW as NAT, and all of them are configured with it as their gateway.
Our e-mail server is hosted outside, and we are using POP3 & SMTP to access it. We do not have an Exchange server at all.
POP3: 64.202.165.92
SMTP: 64.202.165.58
There is no restriction at all on the firewall to disable any traffic or stop anything at all; everything is open on the inbound & outbound interfaces of the firewall.
Now,
one PC is not located behind the firewall at all, but behind the interface F0/1.
The settings of this PC are as follows:
< IP: 213.255.237.119, SM: 255.255.255.248, GW: 213.255.237.113, DNS: 213.255.237.8 >
This user has reported to me that he is unable to download his e-mails through POP3, but is able to send using SMTP.
All the other users who use the firewall are able to send and receive using POP3 & SMTP without any problem at all.
He is the only one who has this problem.
Even if I change the IP and put any other IP from the second network, we find the same problem.
The access list is as follows:
access-list 103 permit tcp any host 213.255.237.116 eq smtp
access-list 103 permit tcp any host 213.255.237.116 eq pop3
access-list 1 permit 213.255.237.104 0.0.0.7
access-list 1 permit 213.255.237.112 0.0.0.7
access-list 103 permit ip any any
If you look at the first access list, it means the following:
The router has an extended access list called 103, to permit the TCP protocol on port 25 from any source to this destination 213.255.237.116 only, as if the POP3 server & SMTP server were 213.255.237.116, while this is not the situation at all.
And the same but for POP3.
And I open everything on protocol IP from anywhere to anywhere.
1- Now, could the problem of this user, who is using a real IP behind interface F0/1, be the first access list?
Because it only opens SMTP for this host 213.255.237.116, which is my firewall?
Could it be?
But at the same time, I enable or open everything on this access list, so I am getting confused.
2- What will happen if I write a special access list to enable only this IP, like this:
access-list 103 permit tcp host 213.255.237.119 any eq smtp
access-list 103 permit tcp host 213.255.237.119 any eq pop3
3- Or should I write an access list to open the POP3 server, which is 64.202.165.92, to this user only, like this:
access-list 103 permit tcp host 213.255.237.119 host 64.202.165.92 eq pop3
access-list 103 permit tcp host 213.255.237.119 host 64.202.165.58 eq smtp
4- Could the problem be the direction of the access list itself?
Should I put it on F0/0 out?
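As an added example (not from the thread or from Cisco), the Python model below reproduces how IOS evaluates an extended ACL (top-down, first match wins, implicit deny at the end, wildcard masks) and runs ACL 103 as posted, plus the host-specific variant from question 3, against constructed reply packets for the .119 PC. It illustrates that the posted ACL permits everything through `permit ip any any`, and that lines written client-to-server would not match the server replies that an ACL applied `out` on F0/1 actually sees; the ephemeral ports are assumed values.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst sport dport")

def _match_addr(addr, spec):
    # spec: "any", ("host", ip) or (network, wildcard) as in IOS syntax
    if spec == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    if spec[0] == "host":
        return a == int(ipaddress.IPv4Address(spec[1]))
    net, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = 0xFFFFFFFF ^ wild          # wildcard 1-bits are "don't care"
    return (a & care) == (net & care)

def evaluate(acl, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for i, (action, proto, src, dst, dport) in enumerate(acl):
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (_match_addr(pkt.src, src) and _match_addr(pkt.dst, dst)):
            continue
        if dport is not None and pkt.dport != dport:
            continue
        return action, i
    return "deny", None

FW, PC = "213.255.237.116", "213.255.237.119"
POP3, SMTP = "64.202.165.92", "64.202.165.58"

# ACL 103 as posted (entry order preserved); 'eq smtp' = 25, 'eq pop3' = 110
ACL_103 = [
    ("permit", "tcp", "any", ("host", FW), 25),
    ("permit", "tcp", "any", ("host", FW), 110),
    ("permit", "ip", "any", "any", None),
]

# The variant from question 3: host-specific lines instead of 'permit ip any any'
ACL_103_Q3 = ACL_103[:2] + [
    ("permit", "tcp", ("host", PC), ("host", POP3), 110),
    ("permit", "tcp", ("host", PC), ("host", SMTP), 25),
]

# Applied 'out' on F0/1 the ACL sees traffic leaving the router towards LAN2,
# i.e. the mail server's replies: source port 110/25, destination port ephemeral.
# Constructed sample packets; the ephemeral ports are arbitrary assumptions.
POP3_REPLY = Packet("tcp", POP3, PC, 110, 49152)
SMTP_REPLY = Packet("tcp", SMTP, PC, 25, 49153)

def reply_allowed(acl, pkt):
    return evaluate(acl, pkt)[0] == "permit"
```

With the posted ACL both replies hit entry 2 (`permit ip any any`), so ACL 103 alone cannot explain a POP3-only failure; with the question-3 variant both replies fall through to the implicit deny.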
09-28-2006 10:52 AM
The issue may be with the access list configured in the router. The access list should be configured in the correct direction, otherwise packets will be dropped and this leads to loss of connection.
09-29-2006 11:56 AM
Hello,
please, try to be more clear about what you want...
In the end, what do you want _exactly_?
What do you want to allow incoming from the internet to your lan2 + fw?
What do you want to allow outgoing from lan2 + fw to the internet?
Keep it short and concise, the ~100 lines of your previous post are... a confusing melt :)
Is this related? Did you try out the changes suggested?
Cheers.