The CBAC dosen't understand ESMTP commands I think. Don't watch smtp on
CBAC. I ran into that problem before.
""Ray Brehm"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a 2621 with IOS IP/FW that I'm unable to connect through to the
> inside SMTP server. I can conne
Yes I have run into problems defining http also. The bottom line is I
now only "inspect" TCP, UDP and FTP. These cover all the others without
breaking them!!!
Dave
"Steven A. Ridder" wrote:
>
> The CBAC dosen't understand ESMTP commands I think. Don't watch smtp on
> CBAC. I ran into that
Steven A. Ridder wrote:
>The CBAC dosen't understand ESMTP commands I think. Don't watch smtp on
>CBAC. I ran into that problem before.
>
I'm not actually doing CBAC on the inbound traffic, I'm just letting it
through with the access list. At any rate, I removed the IP inspect
command from th
MADMAN wrote:
>Yes I have run into problems defining http also. The bottom line is I
>now only "inspect" TCP, UDP and FTP. These cover all the others without
>breaking them!!!
>
thanks for the heads up
I just updated IOS to v12.2.6a (I know I'm crazy but I might want
cisco's support)
what vers
For furture reference, once you enable CBAC on an interface, it MONITORS
traffic in both directions.
As for the SMTP thing, you remove ip inspect from the interface, and you can
telnet into the server at port 25? Do I have that right? You SURE you
removed it? Cause if you can get in via 25 via
Steven A. Ridder wrote:
>For furture reference, once you enable CBAC on an interface, it MONITORS
>traffic in both directions.
>
did not know it worked that way, I'll have to go back to the books again
>
>As for the SMTP thing, you remove ip inspect from the interface, and you can
>telnet into t
Ray Brehm wrote:
>
> MADMAN wrote:
>
> >Yes I have run into problems defining http also. The bottom line is I
> >now only "inspect" TCP, UDP and FTP. These cover all the others without
> >breaking them!!!
> >
> thanks for the heads up
> I just updated IOS to v12.2.6a (I know I'm crazy but I mi
Try removing the access lists next. I can't see how POP get's in and smtp
dosen't, especially with CBAC off now.
""MADMAN"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Ray Brehm wrote:
> >
> > MADMAN wrote:
> >
> > >Yes I have run into problems defining http also. The bott
Steven A. Ridder wrote:
>Try removing the access lists next. I can't see how POP get's in and smtp
>dosen't, especially with CBAC off now.
>
I removed all access control from the interface and I still get the same
problem.
I'm going to test it on another router then I'm going after cisco with
ill_ doesn't work, I would definitely consider replacing the
router.
HTH,
Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 8:20 AM
To: [EMAIL PROTECTED]
Subject: Re: IOS firewall, NAT and smtp [7:29794]
Steven A. Ridder wrote:
definitely consider replacing the
> router.
>
> HTH,
> Kent
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 21, 2001 8:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: IOS firewall, NAT and smtp [7:29794]
>
&g
; >
> > This will give you a good idea of what's happening at the packet level.
> >
> > If it _still_ doesn't work, I would definitely consider replacing the
> > router.
> >
> > HTH,
> > Kent
> >
> > -Original Message-
If you have nothing blocking access to your mail server but SMTP still
doesn't work why do you think the router is the issue?? Could it be the
mail server
Dave
Ray Brehm wrote:
>
> Steven A. Ridder wrote:
>
> >Try removing the access lists next. I can't see how POP get's in and smtp
>
You say you get "TCP errors when you try to send mail." What kind of TCP
errors? Where are they reported? Are you just relying on Cisco diagnostics
or have you watched what is really happening with a sniffer?
Using a sniffer might reveal that something more than SMTP is involved.
Since none of
All right, I setup an exchange server and a pix firewall in my lab and
I'm getting the same results. POP goes through but SMTP does not. I'm
going to start looking at packet traffic locally to see what the
exchange server is trying to do when port 25 is contacted.
Message Posted at:
http://
6
Fremont: 510.795.6815
Santa Clara: 408.496.0801
Europe: +(44)20 7900 3011
Fax: 510.291.2250
-Original Message-
From: Ray Brehm [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 12:35 PM
To: [EMAIL PROTECTED]
Subject: Re: IOS firewall, NAT and smtp [7:29794]
All right,
Eureka he exclaims while back-handing his Exchange engineer!!!
And the answer is...
After reading some more of your suggestions and grilling my "Exchange
expert" on the server config, I did some poking around on the server
myself. It seems that the SMTP virtual server was configured with
conn
Priscilla,
Once again you are right on track. I ran into this situation or one like
it not long ago. I was not getting any tcp errors but mail was extremely
slow. The one difference here is my firewall was a OpenBSD firewall.
After putting a sniffer on the line I saw authentication trying to be
u
18 matches
Mail list logo