Steven A. Ridder wrote:

>The CBAC doesn't understand ESMTP commands I think. Don't watch smtp on
>CBAC. I ran into that problem before.
>

I'm not actually doing CBAC on the inbound traffic, I'm just letting it through with the access list. At any rate, I removed the IP inspect command from the interface and I still have the same problem. TCP to the POP port works fine, TCP to the SMTP port doesn't respond. I can telnet to port 25 locally, get the server response and type a command; I get no response telnetting to port 25 through the firewall.
>
>
>"Ray Brehm" wrote in message
>news:[EMAIL PROTECTED]...
>
>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
>>inside SMTP server. I can connect to that same server using POP3 with no
>>errors. The inside device is a static NAT. The port appears open when I
>>port scan the IP address but I get TCP errors when trying to send mail.
>>
>>Any ideas? Did I miss something stupid?
>>Is the fact that I have multiple "nat inside" interfaces relevant in
>>this situation? (I've never known it to make a difference)
>>
>>Relevant config:
>>
>>ip inspect name firewall http
>>ip inspect name firewall ftp
>>ip inspect name firewall netshow
>>ip inspect name firewall realaudio
>>ip inspect name firewall rtsp
>>ip inspect name firewall smtp
>>ip inspect name firewall tcp
>>ip inspect name firewall udp
>>
>>interface FastEthernet0/0
>> ip address 10.1.0.1 255.255.255.0
>> ip nat inside
>> speed 10
>> full-duplex
>> ntp broadcast
>> bridge-group 1
>>!
>>interface Serial0/0
>> ip address 10.1.12.1 255.255.255.0
>> ip nat inside
>> bridge-group 1
>>!
>>interface FastEthernet0/1
>> ip address 12.42.189.2 255.255.255.240
>> ip access-group 103 in
>> ip nat outside
>> ip inspect firewall out
>> duplex auto
>> speed auto
>>!
>>interface Serial0/1
>> ip address 10.1.13.1 255.255.255.0
>> ip nat inside
>> bridge-group 1
>>!
>>router eigrp 100
>> redistribute static metric 384 255 255 1 1500
>> network 10.0.0.0
>> auto-summary
>> no eigrp log-neighbor-changes
>>!
>>ip nat inside source list 18 interface FastEthernet0/1 overload
>>ip nat inside source static 10.1.0.4 12.42.189.4
>>ip classless
>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
>>!
>>logging history debugging
>>logging 10.1.0.3
>>access-list 18 permit 10.1.0.0 0.0.255.255
>>access-list 101 permit tcp any any ack
>>access-list 101 permit udp any any
>>access-list 101 permit icmp any any
>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
>>bridge 1 protocol ieee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29817&t=29794
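
Added example, not part of the original thread: a small Python probe that automates the telnet-to-port-25 check described in the reply and reports the stage at which the SMTP session stalls, so the same test can be run from inside and from outside the firewall and compared. `probe_smtp`, `fake_server` and the result labels are hypothetical names; the fake server is a constructed local test peer, and its `helo-only` mode assumes a path that refuses EHLO but accepts HELO.

```python
import socket
import threading

def probe_smtp(host, port, timeout=3.0):
    """Return where the session stalls: 'no-connect', 'no-banner',
    'no-reply', 'rejected', 'helo-only' or 'esmtp-ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused, unreachable or SYN timed out
        return "no-connect"
    with sock:
        sock.settimeout(timeout)
        def reply():
            try:
                return sock.recv(1024).decode("ascii", "replace")
            except OSError:              # read timeout or reset
                return ""
        if not reply().startswith("220"):
            return "no-banner"           # handshake completes, server never speaks
        sock.sendall(b"EHLO probe.example\r\n")
        answer = reply()
        if answer.startswith("250"):
            return "esmtp-ok"
        if not answer:
            return "no-reply"
        sock.sendall(b"HELO probe.example\r\n")
        return "helo-only" if reply().startswith("250") else "rejected"

def fake_server(mode):
    """Constructed test peer on 127.0.0.1; returns its port.
    mode: 'silent', 'helo-only' or 'esmtp' (labels are assumptions)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if mode != "silent":
                conn.sendall(b"220 mail.example ESMTP\r\n")
            while True:
                data = conn.recv(1024)
                if not data:
                    break
                ok = mode == "esmtp" or data.upper().startswith(b"HELO")
                if mode != "silent":
                    conn.sendall(b"250 ok\r\n" if ok else b"500 unrecognized\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for mode in ("silent", "helo-only", "esmtp"):
        print(mode, "->", probe_smtp("127.0.0.1", fake_server(mode), timeout=1))
```

A `no-banner` result from outside together with `esmtp-ok` from inside matches the symptom in the reply: the port accepts the connection but nothing from the server comes back through the firewall.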