Cisco WAN :: Open Up Port 25 Going Into 5505 For Email Server?
Feb 19, 2013
Do I create an SMTP Network Object and send TCP traffic throught NAT?
Or do I go to the ASDM's Configuration/Firewall, choose Public Servers, and choose Private Interface=inside, Public Interface=outside, set the private/public IPs, and choose SMTP as the service? This seems much simpler, but is it the correct way to do it?
I am using ASDM 6.4(5) and would like to use that versus the CLI.
I need to open ports 9080 and 5280 on my Cisco ASA 5505 firewall and despite doing everything I THINK I needed to do...when I run the utility to check from outside; it is NOT open....I utilize a website called [URL] (very good for these kinds of things) I have added the specific port(s) to my services so that I can CHOOSE them; added an ACE/ACL to; added incoming/outgoing rules to accomodate traffic to those ports....NOTHING.
I have a question about NAT behavior on FWSM 4.0. The problem is email server (Company A) cannot connect to email gateway (Company B) on the outside network and it randomly happen. I got this error from server guy "Detail: xlate has blocked the connection between A’s mail gateway and B’s mail gateway". It work fine again after clear xlate on firewall. [code]
1. How FWSM create xlate table like that? I mean it look like NAT0 for 220.127.116.11 but it doesn't has any nat rule for 18.104.22.168 on firewall.
2. What does it mean "connections 24" at the first of line? In the normal time, I only see the connections is 0 like the second line of xlate
3. After clear xlate global 22.214.171.124, the first line of xlate table is gone then email server can connect each other. Does is a bug on FWSM? or This is a normal NAT behavior of FWSM.
I've been trying to open ports to start a server on some games that I play.I used a guide that shows you how to set up the server and open up the port, but I can't get it to work.I've tried making an exception in my firewall,but that didn't work, so I tried completely disabling my firewalls. Nothing. I've gone into my router settings and opening a port this way: But it still doesn't open it up. This is what I'm using to check it.In fact, NONE of the ports are open it seems? No matter what port I try to type in on the port checker, it always gives me that same error.
-Both? -Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved.
I have a Cisco ASA 5505 with a fairly simple set up. Few VPN tunnels and only 3 open ports for applications. I have entered the following lines static (inside,outside) tcp interface 9002 10.0.3.230 9002 netmask 255.255.255.255 access-list outside_access_in extended permit tcp any interface outside eq 9002.I have done this before with zero issues. The other two ports are open, however, port 9002 will not be visable from the outside. The ASA says it is open, but if I go to a site like canyouseeme, it shows closed. I cannot connect to the application either.
I have an old Win XP (SP3) desktop that just recently has a problems with attachments to emails. It simply won't allow me to open or save them.
I have tried both hotmail and btinternet.com (yahoo) emails. When I click on an attachment and choose either 'open' or 'save' the small grey box appears that usually shows the file action and download time info. However no info appears in the grey box and it just sits there (for hours). I have tried the same email attachment on another PC and it works fine so the problem is specific to this PC.
The file size is not a factor, as it fails to open attachments of only 100kb, nor is the file type (pdf). I can download large pdf files from a website with no trouble. the problem is just email attachments.
I tried switching off the Windows firewall, but this made no difference. The a/v is AVG9.0.
: Saved : Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013 ASA Version 8.4(4)1 host name cisco asa enable password xxxxx encrypted password xxxxx encrypted names interface Ethernet0/0 switch port access v lan 100 interface Ethernet0/1 interface Ethernet0/2 [code]...
I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.
So here's what I think I should do to give email access only to a segment of addresses of my inside network.
1) Create a network object for 62 machines that will represent my dhcp clients.I plan to use 192.168.0.65-192.168.0.126. So I will use address 192.168.0.64 with netmask 255.255.255.192. Then set DHCP server to service this address range.
2) Create an ACL which will Permit Any to use tcp port 110 (pop3) to get to the outside. Which leads me to question #1:
How do I permit the source "Any" to communicate with "Any Less Secure Networks" like the implicit rule that gets zapped once I create new ACL? Is "Any Less Secure Network" implied by the "Any" destination?
3) Create an ACL which will Deny my DHCP range to talk to the outside.
4) Create an ACL which will Permit Any to talk to Any Less Secure Network(essentially recreating the implicit Permit ACL that got zapped).
Up to this point, all the computers on the network accessed the e-mail server via the Windows name of the PC running the e-mail server. However, one of the PCs will need to access e-mail from the WAN soon as opposed to the LAN, so I switched the server name in Thunderbird (e-mail client) to the actually fully qualified domain name of the server (registered at NO-IP, which redirects to the e-mail server at home).
The problem I am running into is that all the requests sent for IMAP or SMTP are being blocked by the router. That's even though I added port forwarding rules for them. The logs show messages similar to the following:
"Blocked incoming TCP connection request from 126.96.36.199:51291 to 188.8.131.52:143"
It doesn't make a difference if I change the endpoint filtering to "Endpoint Independent" either. Any thoughts of what else I can try? DMZ is not an option.
I have a issue that i am at a loss as how to solve it. I have an ASA 5505 as my firewall. I have users from other companies who visit from time to time and are unable to use their outlook email to send messages. They can however receive messages without a problem. I also have a situation where users who use windows live to access gmail are unable to send messages.
I have narrowed it down to the fact that these uses are using ssl/tls to send the mails. I did some research and found out about the inspect esmtp setting in the ASA. I have disabled it and i still have to problem. I have also removed all outbound deny statements and still no luck.
Of note is that i can send emails without attachments. They take a long time to go out ( from minutes to hours) but eventually they do. Emails with attachments of even 10k do not go at all.
I was running image 8.2.3 and i downgraded to 8.0.5...still did not work...i upgraded to 8.4.3...still did not work. I am now back at 8.2.3.
My Firewall config is attached. I am at my wits end as to what else to try. The company has not renewed support for the device so i am on my own here!
I have only recently noticed a HUGE decrease in my Utorrent speeds, so i thought i would have a gander and lo and behold.apparently the port Utorrent uses wasn't open. Now, i have tried about 10 different port numbers, made sure Utorrent is being accepted by Norton 360 Firewall,followed complicated directions to (i think) foward ports, and also follow directions to open a specific port.Nothing has worked so far, Utorrent still comes back with a port closed error.
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected
Below is my congig
ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....
DIR-655(A3) 1.33NAb02_HNAP_beta I used to be able to send notifications on log full etc... When my ISP was still allowing outbound email w/opt out of block on port 25. This worked on my old DI-524, and used to work on my DIR-655.In an effort to clamp down on spam my ISP formerly SBC now AT&T began requiring SSL. Secure Authentication is not required. With the ever increasing concern for controlling spam DLink really needs to get in gear and provide the support customers need and back the efforts of ISP's to control spam. Otherwise it's wasted code occupying space. On that note if space is a concern, need space for the code ~ throw SecureSpot out !
On the Outgoing Server (SMTP) Settings window click Edit and verify:
# Server Name - displays smtp.att.yahoo.com. # Port - displays 465.
Note: When updating the secure server settings, check SSL checkbox first to update the port setting.
* Under Outgoing mail (SMTP), the box next to server requires a secure connection (SSL) is checked. This works flawlessly with Thunderbird and other mail clients therefore it is clearly a shortcoming of the firmware on the DIR-655 i.e. no SSL? This is totally inadequate.
I've recently purchased a domain name from GoDaddy, and I'm having trouble setting up my server, which is running Windows Server 2003, to run email using the domain name. Before purchasing, I was using a free domain from DynDNS and it worked using it as an domain address. I'm wondering if maybe I have to set up the DNS on GoDaddy to foward the email protocol to my server.
One of my customers uses Comcast email and all of a sudden couldn't send messages the other day, telling me it was giving her an error. She said that she reset her router, and the email started working again.When I finally got over there to check it out, the email had started experiencing problems again. The error she was having was Error 550: Message Rejected (when trying to send email). There didn't appear to be any issues with her internet connection, and she wasn't having issues connecting to the email server, it was simply rejecting her messages.
I told her that she would have to contact Comcast, as there was really nothing I could do to fix their email server returning an error. She wasn't too happy, and remained convinced that her router had something to do with it. It's a Netgear WNDR3700 or WNDR3800 that I setup for her last year, it's a fine router.Has anyone ever had a Comcast email server randomly start rejecting messages? I noticed that her outgoing email was set to use port 587 which seems like a nonstandard port and also no authentication, but I have no idea what the Comcast email settings are supposed to be.
Just installed a RV042 with dual wan connections. Would like to make the WAN 2 (new cable modem as well) the primary connection over WAN1 (DSL), however whenever I switch from WAN1 to WAN2 in Smark Link set up, our email server will not send mail out, even though nothing is blocking the connection.
I'm hosting my email on an Exchange Server 2003 box and have my laptop (Vista Ultimate 32 bit) setup to connect to the exchange server for my email. This works fine through a LinkSys RV042 in one location and a LinkSys WRT54GC in another, but fails through the DIR-615 B2 (2.24 firmware) at home. I'm guessing it's blocking something needed for the MAPI connection.
I need to open ports 25, 993, 995, 443 and 465 to setup MS-Exchange. I don't have an inhouse IT guy and this seems pretty straight-forward in theory but I can't figure it out I need to open ports 25, 993, 995, 443 and 465 to setup MS-Exchange.
I have an ASA 5505 with ASA version 7.2(2) and ASDM version 5.2(2) and I am attempting to open ports 88 and 5445 and forward them to the IP address of my DVR. This is all new for me. I see several posts for other software version to do this same thing but my version appears to be older?
I'm working on setting up a PBX server in our office, and I'm having trouble getting a port opened for SIP on my ASA 5505.I created static NAT rule for SIP traffic from internal server to the outside IP address.I created access rules on outside interface to forward port 5060 to internal PBX server (192.168.1.8)I also disabled sip packet inspection on the ASA.I'm still receiving a message from the PBX that the firewall is configured incorrectly.
I just installed a Cisco ASA 5505 in my company's network,however the network became so slow and many websites cannot be opened or it takes toolong to open (yahoo, hotmail etc.) resulting to a request time out sometimes.
Here is my configuration:
ASA Version 8.2(1) !hostname xxxxxxenable password xxxxxx encryptedpasswd xxxxx encryptednames!interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 !interface Vlan2 nameif outside security-level 0 ip address
I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3,So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.