Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1396
Views
9
Helpful
6
Replies

UC560 IMAP unreachable

frenaudcisco
Level 1
Level 1

‎12-20-2012 12:35 PM - edited ‎03-21-2019 06:46 AM

We have a UC560 on which I just enabled Unified Messaging. I cannot sem to connect to port 143 (standard IMAP port) from our computers. Here's a quick rundown of the setup:

Our network is on a 192.168.230.x subnet with a Microsoft TMG Server acting as gateway.

UC560 = 192.168.230.15

CUE = 10.1.10.1

TMG = 192.168.230.3

Initially, I added a static route on the TMG server to forward 10.1.10.x to 192.168.230.15. That granted me access to the CUE interface and I can communicate with the CUE web interface from any computer on the network. When I try to Telnet on port 143 from a workstation it won't connect (I get a "A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer" message in TMG when I trace the connection). I am able to Telnet into 143 on 10.1.10.1 from the TMG server, but not from any computers on the network.

Labels:
0 Helpful
6 Replies 6

Alexander Maroukian
Level 7
Level 7

‎12-20-2012 01:04 PM

Hi Francis,

Are you able to connect from the CUE or from the VLAN90(10.1.10.2 - ping 192.168.230.x source vlan90)  to the PC?

Are you sure the TMG allows this connection?

If you connect a PC directly to the UC and put a static route directly to 10.1.10.0 network is it working?

If it is working directly you have to configure the TMG.

HTH,

Alex

*Please rate helpful posts

0 Helpful

frenaudcisco
Level 1
Level 1
In response to Alexander Maroukian

‎12-20-2012 01:36 PM

If I telnet into the UC560 192.168.230.15:

     ping 192.168.230.15 source vlan90 = fail

     ping 10.1.10.1 source vlan90 = success

     ping 10.1.10.2 source vlan90 = success

TMG is indeed configured to allow the connection.

If I connect a laptop directly into the PC port of the UC560 and assign the following, I can connect to port 143 on 10.1.10.1:

IP = 192.168.230.249

Subnet = 255.255.255.0

Gateway = 192.168.230.15

What should my routes and gateways look like on my UC560 interfaces (192.168.230.15, 10.1.10.1 and 10.1.10.2)?

0 Helpful

johschaf
Level 4
Level 4
In response to frenaudcisco

‎12-20-2012 04:21 PM

Hello Francis,

It appears the routing is correct, but that the TMG is blocking the connection when it is the default gateway. It appears that since the TMG can't see the entire TCP handshake it just drops the connection.

As far as the routes, the gateway for 10.1.10.1 is 10.1.10.2, the network is a /30. The UC at 192.168.230.15 doens't necessarily need a gateway, but if you wanted to add one you would create a static default route that points to the TMG which will then route the traffic from the UC accordingly.

Thanks,

-john

frenaudcisco
Level 1
Level 1
In response to johschaf

‎12-21-2012 05:24 AM

Here's the output of "sh ip route" for the UC560:

          10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        10.1.1.0/24 is directly connected, Vlan100
L        10.1.1.1/32 is directly connected, Vlan100
C        10.1.10.0/30 is directly connected, Vlan90
S        10.1.10.1/32 is directly connected, Vlan90
L        10.1.10.2/32 is directly connected, Vlan90
C     192.168.224.0/21 is directly connected, Vlan1
      192.168.230.0/32 is subnetted, 1 subnets
L        192.168.230.15 is directly connected, Vlan1

And here's the output for the CUE module:

           DEST            GATE            MASK IFACE

      10.1.10.0         0.0.0.0 255.255.255.252 eth0

        0.0.0.0       10.1.10.2         0.0.0.0 eth0

0 Helpful

Alexander Maroukian
Level 7
Level 7
In response to frenaudcisco

‎12-21-2012 01:37 PM

Hello Francis,

It is not the UC routing which is not correct - as previously said it is TMG blocking. Which is true if everything is ok when you connnect the PC with the UC. If your PC is in the 192.168.230.0 network then you may want to try the following:

If you want to route directly without going through the TMG please enter the following command in windows:

route add 10.1.10.0 mask 255.255.255.252 192.168.230.15

This will make the communication to the CUE network directly through the UC without routing through the TMG and it should work. Yuo may add the following to make this permanent route in windows:

route add 10.1.10.0 mask 255.255.255.252 192.168.230.15 -p

If you want to enable it trough TMG you should consult with the TMG manual or expert. I assume you have to add a rule which allows this communication through the firewall.

Also I do not see the default gateway on the UC from the output of the show ip route.

HTH,

Alex

*Please rate helpful posts

frenaudcisco
Level 1
Level 1
In response to Alexander Maroukian

‎12-21-2012 01:45 PM

I'm trying to avoid having to add a route manually to each workstation. I'll see what I can do with TMG. I added a "last resort gateway" pointing to TMG on the UC560, but still no joy.

0 Helpful
Customers Also Viewed These Support Documents