10-10-2005 02:29 AM - edited 02-21-2020 02:02 PM
We are using a PIX501 with a default configuration, with a few VPN accounts set up as well.
When users connect through VPN, using the Cisco VPN client with the AES-256 transform set (if that makes a difference), IMAP works (port 143), secure IMAP works (port 993), SSH works (port 22) but SMTP (port 25) and POP3 (110) do not work.
All of the above services are running on the same machine, which happily accepts connections from anywhere regardless of IP address.
Also note that when we are connected through the VPN, we get an IP address in the same subnet as the machine we are trying to connect to. This has been confirmed by connecting successfully to port 80, and then looking at the apache logs.
We have tried disabling the default smtp fixup line in the config, but the problems still remain.
Any suggestions are very much appreciated!
Thanks,
Richard.
10-10-2005 05:06 AM
just wondering if all these protocols, including imap, secure imap, ssh, smtp, and pop3, are only available via vpn, or if a few of them are available from the internet directly with static nat/pat configured on the pix.
maybe post the config.
10-11-2005 12:37 AM
they are only available via vpn, and this is the way they should be.
10-11-2005 04:22 AM
the issue may be either related to the nat/pat or outbound acl.
please post the config.
10-11-2005 05:06 AM
i'd rather not post the entire config from our company firewall if that's ok... are there any particular settings you need to see?
10-11-2005 04:26 PM
it should be fine if you masked all the public ip info. if it's not feasible, please post the part with nat/pat/global/static and acls.