Steven A. Ridder wrote:

>Try removing the access lists next. I can't see how POP gets in and smtp
>doesn't, especially with CBAC off now.
>

I removed all access control from the interface and I still get the same problem.
I'm going to test it on another router then I'm going after Cisco with this one.
Thanks for your help

>
>
>"MADMAN" wrote in message
>news:[EMAIL PROTECTED]...
>
>>Ray Brehm wrote:
>>
>>>MADMAN wrote:
>>>
>>>>Yes I have run into problems defining http also. The bottom line is I
>>>>now only "inspect" TCP, UDP and FTP. These cover all the others without
>>>>breaking them!!!
>>>>
>>>thanks for the heads up
>>>I just updated IOS to v12.2.6a (I know I'm crazy but I might want
>>>Cisco's support)
>>>what version of IOS have these problems?
>>>
>> I know it wasn't in 12.2!! As I said before, I don't think it's doing
>>anything cept eating up NVRAM when you add, for example, inspect http
>>when tcp covers http.
>>
>> Dave
>>
>>>> Dave
>>>>
>>>>"Steven A. Ridder" wrote:
>>>>
>>>>>The CBAC doesn't understand ESMTP commands I think. Don't watch smtp on
>>>>>CBAC. I ran into that problem before.
>>>>>
>>>>>"Ray Brehm" wrote in message
>>>>>news:[EMAIL PROTECTED]...
>>>>>
>>>>>>I have a 2621 with IOS IP/FW that I'm unable to connect through to the
>>>>>>inside SMTP server. I can connect to that same server using POP3 with no
>>>>>>errors. The inside device is a static NAT. The port appears open when I
>>>>>>port scan the IP address but I get TCP errors when trying to send mail.
>>>>>>Any ideas? Did I miss something stupid?
>>>>>>Is the fact that I have multiple "nat inside" interfaces relevant in
>>>>>>this situation? (I've never known it to make a difference)
>>>>>>
>>>>>>Relevant config:
>>>>>>
>>>>>>ip inspect name firewall http
>>>>>>ip inspect name firewall ftp
>>>>>>ip inspect name firewall netshow
>>>>>>ip inspect name firewall realaudio
>>>>>>ip inspect name firewall rtsp
>>>>>>ip inspect name firewall smtp
>>>>>>ip inspect name firewall tcp
>>>>>>ip inspect name firewall udp
>>>>>>
>>>>>>interface FastEthernet0/0
>>>>>>ip address 10.1.0.1 255.255.255.0
>>>>>>ip nat inside
>>>>>>speed 10
>>>>>>full-duplex
>>>>>>ntp broadcast
>>>>>>bridge-group 1
>>>>>>!
>>>>>>interface Serial0/0
>>>>>>ip address 10.1.12.1 255.255.255.0
>>>>>>ip nat inside
>>>>>>bridge-group 1
>>>>>>!
>>>>>>interface FastEthernet0/1
>>>>>>ip address 12.42.189.2 255.255.255.240
>>>>>>ip access-group 103 in
>>>>>>ip nat outside
>>>>>>ip inspect firewall out
>>>>>>duplex auto
>>>>>>speed auto
>>>>>>!
>>>>>>interface Serial0/1
>>>>>>ip address 10.1.13.1 255.255.255.0
>>>>>>ip nat inside
>>>>>>bridge-group 1
>>>>>>!
>>>>>>router eigrp 100
>>>>>>redistribute static metric 384 255 255 1 1500
>>>>>>network 10.0.0.0
>>>>>>auto-summary
>>>>>>no eigrp log-neighbor-changes
>>>>>>!
>>>>>>ip nat inside source list 18 interface FastEthernet0/1 overload
>>>>>>ip nat inside source static 10.1.0.4 12.42.189.4
>>>>>>ip classless
>>>>>>ip route 0.0.0.0 0.0.0.0 12.42.189.1
>>>>>>!
>>>>>>logging history debugging
>>>>>>logging 10.1.0.3
>>>>>>access-list 18 permit 10.1.0.0 0.0.255.255
>>>>>>access-list 101 permit tcp any any ack
>>>>>>access-list 101 permit udp any any
>>>>>>access-list 101 permit icmp any any
>>>>>>access-list 103 permit tcp any host 12.42.189.4 eq smtp
>>>>>>access-list 103 permit tcp any host 12.42.189.4 eq pop3
>>>>>>bridge 1 protocol ieee

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29877&t=29794

