The CBAC dosen't understand ESMTP commands I think. Don't watch smtp on CBAC. I ran into that problem before.
""Ray Brehm"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a 2621 with IOS IP/FW that I'm unable to connect through to the > inside SMTP server. I can connect to that same server using POP3 with no > errors. The inside device is a static NAT. The port appears open when I > port scan the IP address but I get TCP errors when trying to send mail. > > Any ideas? Did I miss something stupid? > Is the fact that I have multiple "nat inside" interfaces relevant is > this situation? (I've never known it to make a difference) > > Relevant config: > > ip inspect name firewall http > ip inspect name firewall ftp > ip inspect name firewall netshow > ip inspect name firewall realaudio > ip inspect name firewall rtsp > ip inspect name firewall smtp > ip inspect name firewall tcp > ip inspect name firewall udp > > interface FastEthernet0/0 > ip address 10.1.0.1 255.255.255.0 > ip nat inside > speed 10 > full-duplex > ntp broadcast > bridge-group 1 > ! > interface Serial0/0 > ip address 10.1.12.1 255.255.255.0 > ip nat inside > bridge-group 1 > ! > interface FastEthernet0/1 > ip address 12.42.189.2 255.255.255.240 > ip access-group 103 in > ip nat outside > ip inspect firewall out > duplex auto > speed auto > ! > interface Serial0/1 > ip address 10.1.13.1 255.255.255.0 > ip nat inside > bridge-group 1 > ! > router eigrp 100 > redistribute static metric 384 255 255 1 1500 > network 10.0.0.0 > auto-summary > no eigrp log-neighbor-changes > ! > ip nat inside source list 18 interface FastEthernet0/1 overload > ip nat inside source static 10.1.0.4 12.42.189.4 > ip classless > ip route 0.0.0.0 0.0.0.0 12.42.189.1 > ! > logging history debugging > logging 10.1.0.3 > access-list 18 permit 10.1.0.0 0.0.255.255 > access-list 101 permit tcp any any ack > access-list 101 permit udp any any > access-list 101 permit icmp any any > access-list 103 permit tcp any host 12.42.189.4 eq smtp > access-list 103 permit tcp any host 12.42.189.4 eq pop3 > bridge 1 protocol ieee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29797&t=29794 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]