MADMAN wrote:

>Yes I have run into problems defining http also. The bottom line is I
>now only "inspect" TCP, UDP and FTP. These cover all the others without
>breaking them!!!
>

Thanks for the heads up. I just updated IOS to v12.2.6a (I know I'm crazy but I might want Cisco's support). What version of IOS has these problems?

>
> Dave
>
>"Steven A. Ridder" wrote:
>
>>The CBAC doesn't understand ESMTP commands I think. Don't watch smtp on
>>CBAC. I ran into that problem before.
>>
>>""Ray Brehm"" wrote in message
>>news:[EMAIL PROTECTED]...
>>
>>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
>>>inside SMTP server. I can connect to that same server using POP3 with no
>>>errors. The inside device is a static NAT. The port appears open when I
>>>port scan the IP address but I get TCP errors when trying to send mail.
>>>
>>>Any ideas? Did I miss something stupid?
>>>Is the fact that I have multiple "nat inside" interfaces relevant in
>>>this situation? (I've never known it to make a difference)
>>>
>>>Relevant config:
>>>
>>>ip inspect name firewall http
>>>ip inspect name firewall ftp
>>>ip inspect name firewall netshow
>>>ip inspect name firewall realaudio
>>>ip inspect name firewall rtsp
>>>ip inspect name firewall smtp
>>>ip inspect name firewall tcp
>>>ip inspect name firewall udp
>>>
>>>interface FastEthernet0/0
>>> ip address 10.1.0.1 255.255.255.0
>>> ip nat inside
>>> speed 10
>>> full-duplex
>>> ntp broadcast
>>> bridge-group 1
>>>!
>>>interface Serial0/0
>>> ip address 10.1.12.1 255.255.255.0
>>> ip nat inside
>>> bridge-group 1
>>>!
>>>interface FastEthernet0/1
>>> ip address 12.42.189.2 255.255.255.240
>>> ip access-group 103 in
>>> ip nat outside
>>> ip inspect firewall out
>>> duplex auto
>>> speed auto
>>>!
>>>interface Serial0/1
>>> ip address 10.1.13.1 255.255.255.0
>>> ip nat inside
>>> bridge-group 1
>>>!
>>>router eigrp 100
>>> redistribute static metric 384 255 255 1 1500
>>> network 10.0.0.0
>>> auto-summary
>>> no eigrp log-neighbor-changes
>>>!
>>>ip nat inside source list 18 interface FastEthernet0/1 overload
>>>ip nat inside source static 10.1.0.4 12.42.189.4
>>>ip classless
>>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
>>>!
>>>logging history debugging
>>>logging 10.1.0.3
>>>access-list 18 permit 10.1.0.0 0.0.255.255
>>>access-list 101 permit tcp any any ack
>>>access-list 101 permit udp any any
>>>access-list 101 permit icmp any any
>>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
>>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
>>>bridge 1 protocol ieee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29818&t=29794
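
An added example, not part of the original thread: a small Python check that reads an IOS configuration, finds CBAC inspection rules naming the protocols the posters above report trouble with (smtp, http), and shows where each rule is applied and the command that removes that entry. The function name and the sample configuration (trimmed from the one quoted above) are constructed for illustration.

```python
import re

# Protocols the thread's posters report CBAC application inspection breaking.
REPORTED_PROBLEMS = {"smtp": "ESMTP commands not understood (per Steven A. Ridder)",
                     "http": "problems reported by MADMAN"}

# Constructed sample, trimmed from the configuration quoted in the thread.
SAMPLE_CONFIG = """\
ip inspect name firewall http
ip inspect name firewall ftp
ip inspect name firewall smtp
ip inspect name firewall tcp
ip inspect name firewall udp
!
interface FastEthernet0/1
 ip access-group 103 in
 ip nat outside
 ip inspect firewall out
!
access-list 103 permit tcp any host 12.42.189.4 eq smtp
"""

def audit_inspect_rules(config_text):
    """Return findings for inspection rules that name a reported-problem protocol."""
    protocols = {}   # rule name -> protocols it inspects
    applied = {}     # rule name -> [(interface, direction)]
    interface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"ip inspect name (\S+) (\S+)", line)
        if m:
            protocols.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = re.match(r"interface (\S+)", line)
        if m and not raw.startswith(" "):
            interface = m.group(1)
            continue
        m = re.match(r"ip inspect (\S+) (in|out)$", line)
        if m and interface:
            applied.setdefault(m.group(1), []).append((interface, m.group(2)))
    findings = []
    for rule, protos in protocols.items():
        for proto in protos:
            if proto in REPORTED_PROBLEMS:
                findings.append({"rule": rule, "protocol": proto,
                                 "applied_on": applied.get(rule, []),
                                 "fix": f"no ip inspect name {rule} {proto}"})
    return findings
```

Generic `tcp` inspection stays in the rule, so return traffic for the mail session is still permitted after the smtp entry is removed.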

