Cisco Firewall :: Email Port Open For ASA 5505?
Jan 16, 2012
When I want to let email come through the ASA5505 from outside to the DMZ and Inside network, are the below command lines correct and good enough?
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq imap4
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq pop3
access-list outside_DMZ extended permit tcp outside-network-ip dmz-network-ip eq smtp
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq imap4
access-list outside_inside extended permit tcp outside-network-ip inside-network-ip eq pop3
[code]....
Are there any other TCP ports that need to be allowed and other command lines that need to be added?
Feb 19, 2013
Do I create an SMTP Network Object and send TCP traffic through NAT?
Or do I go to the ASDM's Configuration/Firewall, choose Public Servers, and choose Private Interface=inside, Public Interface=outside, set the private/public IPs, and choose SMTP as the service? This seems much simpler, but is it the correct way to do it?
I am using ASDM 6.4(5) and would like to use that versus the CLI.
Mar 11, 2011
I am trying to open port 52199 on my ASA 5505. I have gone to firewall, access rules and then add tcpip. Not sure if that is the correct place but cannot get it to work?
Mar 2, 2013
I need to open ports 9080 and 5280 on my Cisco ASA 5505 firewall and despite doing everything I THINK I needed to do... when I run the utility to check from outside, it is NOT open. I utilize a website called [URL] (very good for these kinds of things). I have added the specific port(s) to my services so that I can CHOOSE them; added an ACE/ACL to; added incoming/outgoing rules to accommodate traffic to those ports... NOTHING.
Oct 14, 2012
I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do, and if so, how do I configure it?
Nov 14, 2011
So here's what I think I should do to give email access only to a segment of addresses of my inside network.
1) Create a network object for 62 machines that will represent my dhcp clients. I plan to use 192.168.0.65-192.168.0.126. So I will use address 192.168.0.64 with netmask 255.255.255.192. Then set DHCP server to service this address range.
2) Create an ACL which will Permit Any to use tcp port 110 (pop3) to get to the outside. Which leads me to question #1:
How do I permit the source "Any" to communicate with "Any Less Secure Networks" like the implicit rule that gets zapped once I create new ACL? Is "Any Less Secure Network" implied by the "Any" destination?
3) Create an ACL which will Deny my DHCP range to talk to the outside.
4) Create an ACL which will Permit Any to talk to Any Less Secure Network (essentially recreating the implicit Permit ACL that got zapped).
Feb 19, 2013
I have a Cisco ASA 5505 with a fairly simple set up. Few VPN tunnels and only 3 open ports for applications. I have entered the following lines:
static (inside,outside) tcp interface 9002 10.0.3.230 9002 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq 9002
I have done this before with zero issues. The other two ports are open, however, port 9002 will not be visible from the outside. The ASA says it is open, but if I go to a site like canyouseeme, it shows closed. I cannot connect to the application either.
Apr 21, 2013
I need to open port 4001 on my router for someone to have access. I need to do this thru GUI. Cisco ASA 5505
Apr 29, 2013
I need to configure pop3 port to be open on my ASA 5505. I've created an acl and static route to do this but for some reason, it's not open.
Nov 28, 2011
I have an issue that I am at a loss as to how to solve. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their Outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use Windows Live to access Gmail are unable to send messages.
I have narrowed it down to the fact that these users are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and I still have the problem. I have also removed all outbound deny statements and still no luck.
Of note is that I can send emails without attachments. They take a long time to go out (from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and I downgraded to 8.0.5... still did not work... I upgraded to 8.4.3... still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits' end as to what else to try. The company has not renewed support for the device so I am on my own here!
May 9, 2013
I have an ASA 5505 with ASA version 7.2(2) and ASDM version 5.2(2) and I am attempting to open ports 88 and 5445 and forward them to the IP address of my DVR. This is all new for me. I see several posts for other software version to do this same thing but my version appears to be older?
Oct 20, 2012
I would just like to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
May 5, 2013
I'm working on setting up a PBX server in our office, and I'm having trouble getting a port opened for SIP on my ASA 5505. I created a static NAT rule for SIP traffic from the internal server to the outside IP address. I created access rules on the outside interface to forward port 5060 to the internal PBX server (192.168.1.8). I also disabled sip packet inspection on the ASA. I'm still receiving a message from the PBX that the firewall is configured incorrectly.
[code]....
Oct 12, 2011
How to list ports open on Cisco ASA 5505 appliance? I have tried to see using Cisco ASDM launcher, but no luck.
May 22, 2011
I just installed a Cisco ASA 5505 in my company's network, however the network became so slow and many websites cannot be opened or take too long to open (yahoo, hotmail etc.), resulting in a request time out sometimes.
Here is my configuration:
ASA Version 8.2(1)
!
hostname xxxxxx
enable password xxxxxx encrypted
passwd xxxxx encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address
[Code].....
Aug 8, 2012
I have a question about NAT behavior on FWSM 4.0. The problem is that the email server (Company A) cannot connect to the email gateway (Company B) on the outside network, and it happens randomly. I got this error from the server guy: "Detail: xlate has blocked the connection between A's mail gateway and B's mail gateway". It works fine again after clearing xlate on the firewall. [code]
1. How does FWSM create an xlate table like that? I mean it looks like NAT0 for 158.137.21.26 but it doesn't have any nat rule for 158.137.21.26 on the firewall.
2. What does "connections 24" at the start of the line mean? In normal times, I only see connections as 0, like the second line of xlate.
3. After clear xlate global 158.137.21.26, the first line of the xlate table is gone and the email servers can connect to each other. Is this a bug on FWSM, or is this normal NAT behavior of FWSM?
Feb 26, 2011
I just ran an NMAP scan on the outside interface of an ASA 5520. It seems that the TCP Ports 7070 and 554 are open on all NAT interfaces and the outside interface of the firewall. I tried telnet on port 554 and 7070 and got connected.
Sep 8, 2011
This is probably a stupid question but how do I open a port on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from outside the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
Feb 14, 2012
We have an ASA5510 that we need to open port 25 to allow mail traffic to our internal Exchange server. We have 2 interfaces defined... one named Internal on eth0/3 ip 10.1.x.x and one named Internet on eth 0/0 ip 96.56.x.x. We followed the instructions in ASDM for allowing access to a public server but confusion over definitions have stopped us. ASDM asks for the internal interface and the internal server IP... no problem there because the internal interface and server have two different IP addresses. The Internal interface is eth 0/3 (10.1.1.1) and the server is 10.1.1.2.
However, when we get to the External interface (eth 0/1) there is only a single IP address 96.56.x.x but the ASDM asks for an Interface IP and the IP people would use to get to the mail server from the outside. Inasmuch as we have only 1 external IP address (which connects to our upstream Cisco router which in turn connects to the ISP modem) we used the same IP for both but the ASDM returns an error indicating they must be different.
Apparently we do not have a clear understanding of what the ASDM is actually asking for. When the ASDM asks for the external interface we assumed it was asking for the named value we gave the interface (which is Internet). The named value "Internet" has an ip associated with it 96.56.x.x. But when the ASDM asks for the ip people on the outside would use to get to the mail server, we created a named value called "mail server" and gave it the same ip address as the external named value. This duplication of ip address causes the ASDM to return the error stating that the external Interface to be used and the external ip to be used cannot be the same. Have we made an error when we assumed that when the ASDM asked for the external interface it meant the ip of the external interface, or was it asking for the eth number (as in eth 0/0) for the interface?
Jun 30, 2012
I have a static IP address over 100Mbit fiber. I've installed a Mac Mini as a webserver and opened the ports 80, 443 and 5900 and a few others for minor services. Everything works fine: the http server (and https as well) is up and people can reach it from wan. Yesterday I tried to set up the FTP service with less success. In the ACCESS RULES I enabled the FTP service and, as a result, port 21 opened up.
But if I connect via Cyberduck to the server I can navigate through the folders but I can't download anything. So I tried to open up port 20 for data transfer with no result. Same issue when I tried to set up the AFP service to mount server volumes remotely: port 548 opened up but no success with port 549.
Nov 23, 2011
I travel a lot and use wifi in a lot of different places (hotels, airports, etc.). My apps don't always work and I suspect that in some instances the broadband provider is blocking some of the ports I need. I don't need a port scanner like NMAP since that scans a target IP for listening ports. What I need is a way to figure out whether some firewall between my PC and the Internet is blocking specific UDP or TCP port ranges.
Mar 4, 2011
I try to get this application to open from my email?
Mar 13, 2011
I need to open ports 5000 and 5001 on my Cisco PIX 501 to enable some users to be able to connect to our CCTV from outside, how should I open these 2 ports?
Jan 29, 2013
I configured the ASA to open ports 21, 3389, 5900 (outside access in) but when I check the ports, only 21 and 3389 succeed; error on 5900. If I configure only one port, 5900 or 3389, it's OK. I don't understand what the problem is.
ASA5510>
ASA5510> ena
Password: ***********************
ASA5510# show run
: Saved
[code]....
Apr 26, 2012
I have done any and everything just to even open a specific port on my pc and try PortForward's port checker and web based checkers, and I can't get the port or any port to show as open. I am trying to make an IP webcam on my network viewable from the internet. My setup is like this: "gigaset 204a" / DSL modem (Ethernet cable goes into internet port on LINKSYS WRTGS wireless router) [code] Disabled I went to LINKSYS port forwarding, the address I am forwarding to is the ip webcam server. I know if the IP changes it won't work, but before thinking of setting up a static ip for the webcam on my network, I need to get it to actually work. Nothing I do will open any ports on my pc. I've tried enabling DMZ. I've even set rules for windows firewall to allow incoming/outgoing connections on the port I want, I've disabled windows firewall. I am running on windows 7 ultimate. The problem for me really is as far as I can tell, I can't even open a port to allow connections to my computer from the outside. Of course all my internet games etc work fine and have never had a problem, but I can't seem to manually open a port I want.
Sep 8, 2011
I can no longer open email file attachments, I get no message of the fault
Feb 16, 2012
My email acct. is not downloading (opening attachments). It is asking me to log into the server with "login & Password". Download Manager also opens at the lower screen.
Aug 15, 2012
I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3. So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.
Dec 2, 2011
So here is my network.
ASA5505--->Cisco1841--->Cat2960
Code
ASA asa831-k8.bin
Cisco 1841 c1841-adventerprisek9-mz.151-4.M2.bin
Cat 2960 c2960-lanbasek9-mz.122-55.SE1.bin
and here is my dilemma.
I can SSH from the internet to my ASA on default port 22, directly to my public IP. I can SSH from the internet to my Cisco 1841 on port 2001. I cannot, however, SSH to my Cat 2960. From what I can tell, on the Cat2960 I can't change the default port 22 for SSH to a different port, just like I did on the Cisco 1841. I looked to see if I can change the default port for SSH on the ASA; it does not look like this is an option.
The bottom line is that I want to be able to SSH to all three devices from the internet. I only have one public IP. As of now, what I can do is only SSH to the ASA on default port 22 directly to the public IP and Cisco 1841 on port 2001. It appears that changing the default SSH port on Cat 2960 is not an option. It also appears that I can't change the default SSH port on the ASA; if I could, I would, and then I should be able to SSH to the Cat 2960 on port 22. No matter what I did on the ASA, it always listens on port 22 for SSH connections.
show asp table socket
TCP 001f549f <<pub IP>>:22 0.0.0.0:* LISTEN
How do I make it listen on a different port?
Here is the relevant config for SSH for the Cisco 1841 (port forwarding)
ON ASA
object network ROUTER
host 10.10.1.1
[Code].....
Dec 6, 2012
We have an ASA5510 and I need to open port 22 for a specific IP in our LAN outbound only.
Aug 18, 2011
With the Cisco ASA-5505, is there a more secure port that can be configured for VNC other than 5901? I am new to Firewalls. We have a User who has requested that 5901 be opened but I was advised not to do so for security concerns.
Feb 28, 2012
I have a weather station at our high school that needs UDP port 9500 open inbound/outbound to specified IP addresses.
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
Apr 14, 2011
I have an old Win XP (SP3) desktop that just recently has problems with attachments to emails. It simply won't allow me to open or save them.
I have tried both hotmail and btinternet.com (yahoo) emails. When I click on an attachment and choose either 'open' or 'save' the small grey box appears that usually shows the file action and download time info. However no info appears in the grey box and it just sits there (for hours). I have tried the same email attachment on another PC and it works fine so the problem is specific to this PC.
The file size is not a factor, as it fails to open attachments of only 100kb, nor is the file type (pdf). I can download large pdf files from a website with no trouble. The problem is just email attachments.
I tried switching off the Windows firewall, but this made no difference. The a/v is AVG9.0.