PIX 515e IMAP Problems

 
 
kck126
09-06-2006
Hey Everyone. I'm new to Cisco's PIX and my past Cisco exposure was years ago. I was wondering if the kind people here could potentially help me with a current issue. I recently started a position only to find that the former employee had purposely caused some problems prior to his departure! As a result I'm left with a config that doesn't make much sense to me.


I am working with a Cisco 515e PIX and my problem is with the IMAP4 forwarding. I need the PIX to forward port 143 to my email server in order to access mail from the public side. However, I have been unable to do so. The best I have been able to do is get the port status to a closed state rather than stealth (which indicates my ISP isn't blocking the port).

*Please Note:* This network is in need of a major overhaul. It is very apparent that it needs to be rebuilt from the ground up. I am aware of that, but my initial concern is getting the server's IMAP port accessible from outside the network.

Guardian# sh ru
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security10
enable password XXX encrypted
passwd XXX encrypted
hostname Guardian
domain-name XXX.com
clock timezone est -5
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
no fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 191.0.33.1 mail
name 192.168.5.2 qmail
access-list smtp deny tcp host 24.209.xxx.xxx any
access-list smtp deny tcp host 193.2.xxx.xxx any
access-list smtp deny tcp host 65.42.xxx.xxx any
access-list smtp permit tcp any host 66.148.xxx.xxx eq smtp
access-list smtp permit tcp any host 66.148.xxx.xxx eq www
access-list smtp permit tcp host 209.248.xxx.xxx host 66.148.xxx.xxx eq imap4
access-list smtp permit tcp host 209.248.xxx.xxx host 66.148.xxx.xxx eq imap4
access-list smtp permit tcp host 209.248.xxx.xxx host 66.148.xxx.xxx eq smtp
access-list smtp permit tcp host 209.248.xxx.xxx host 66.148.xxx.xxx eq smtp
access-list smtp permit tcp any host 66.148.xxx.xxx eq imap4
access-list vpn permit ip 191.0.0.0 255.0.0.0 192.168.6.0 255.255.255.0
access-list vpn permit ip 191.0.0.0 255.0.0.0 192.168.5.0 255.255.255.0
access-list inside_acl permit icmp any any
access-list inside_acl permit tcp any host qmail eq pop3
access-list inside_acl permit tcp any host qmail eq ssh
access-list inside_acl permit udp any any eq domain
access-list inside_acl permit tcp any any eq www
access-list inside_acl permit tcp any any eq netbios-ssn
access-list inside_acl permit tcp any any eq 445
access-list inside_acl permit udp any any eq netbios-ns
access-list inside_acl permit udp any any eq netbios-dgm
access-list inside_acl permit udp any any eq 445
access-list inside_acl permit tcp any any eq ftp-data
access-list inside_acl permit tcp any any eq ftp
access-list inside_acl permit tcp any any eq smtp
access-list inside_acl permit tcp any any eq ssh
access-list inside_acl permit tcp any any
access-list inside_acl permit udp any any
access-list outbound deny tcp any any eq aol
access-list outbound deny tcp any host 204.15.xxx.xxx
access-list outbound deny tcp any host 64.236.xxx.xxx
access-list outbound permit tcp any any
access-list outbound permit udp any any
access-list outbound permit icmp any host qmail
access-list outbound deny tcp any host 24.209.xxx.xxx
access-list troubleshoot permit tcp any any eq www
access-list troubleshoot deny tcp any any
access-list troubleshoot deny udp any any
pager lines 24
logging on
logging timestamp
logging trap notifications
logging facility 16
logging device-id ipaddress inside
logging host inside 192.168.1.37
icmp deny any echo outside
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside 66.148.xxx.xxx 255.255.255.224
ip address inside 191.0.33.189 255.255.224.0
ip address DMZ 192.168.5.1 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp-pool 192.168.6.1-192.168.6.50
ip local pool ipsec-pool 192.168.6.51-192.168.6.100
pdm location 191.0.33.221 255.255.255.255 inside
pdm location 10.10.1.0 255.255.255.0 inside
pdm location 10.10.2.0 255.255.255.0 inside
pdm location mail 255.255.255.255 inside
pdm location 191.0.33.2 255.255.255.255 inside
pdm location 191.0.33.0 255.255.255.0 inside
pdm location 191.0.34.18 255.255.255.255 inside
pdm location 191.0.96.0 255.255.224.0 inside
pdm location 191.0.0.0 255.255.0.0 inside
pdm location 192.168.5.3 255.255.255.255 DMZ
pdm location 192.168.5.4 255.255.255.255 DMZ
pdm location 191.0.65.0 255.255.255.0 inside
pdm location 192.168.0.0 255.255.255.0 inside
pdm location 191.0.32.0 255.255.224.0 inside
pdm location 191.0.33.115 255.255.255.255 inside
pdm location 191.0.0.0 255.0.0.0 inside
pdm location 192.168.5.0 255.255.255.0 inside
pdm location 192.168.6.0 255.255.255.0 outside
pdm location 191.0.33.6 255.255.255.255 inside
pdm location 191.0.33.7 255.255.255.255 inside
pdm location 191.0.33.90 255.255.255.255 inside
pdm location 191.0.64.0 255.255.224.0 inside
pdm history enable
arp timeout 14400
global (outside) 2 interface
global (inside) 3 interface
nat (inside) 0 access-list vpn
nat (inside) 2 191.0.0.0 255.255.0.0 0 0
nat (DMZ) 2 192.168.5.0 255.255.255.0 0 0
nat (DMZ) 3 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 191.0.33.2 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 191.0.33.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp mail ftp netmask 255.255.255.255 0 0
static (DMZ,inside) tcp 192.168.5.3 smtp 192.168.5.3 smtp netmask 255.255.255.255 0 0
static (DMZ,outside) tcp 66.148.xxx.xxx smtp qmail smtp netmask 255.255.255.255 0 0
static (DMZ,outside) tcp 66.148.xxx.xxx imap4 qmail imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 191.0.33.2 imap4 netmask 255.255.255.255 0 0
static (inside,DMZ) 191.0.33.0 191.0.33.0 netmask 255.255.255.0 0 0
static (DMZ,inside) 192.168.5.0 192.168.5.0 netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.6.0 192.168.6.0 netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
access-group smtp in interface outside
access-group outbound in interface inside
access-group inside_acl in interface DMZ
route outside 0.0.0.0 0.0.0.0 66.148.168.225 1
route inside 10.10.1.0 255.255.255.0 191.0.32.1 1
route inside 10.10.2.0 255.255.255.0 191.0.32.1 1
route inside 191.0.64.0 255.255.224.0 191.0.33.5 1
route inside 191.0.96.0 255.255.224.0 191.0.32.1 1
route inside 192.168.0.0 255.255.255.0 191.0.32.1 1
route inside 192.168.1.0 255.255.255.0 191.0.33.5 1
route inside 192.168.6.0 255.255.255.0 191.0.33.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 132.163.4.101 source outside
http server enable
http 191.0.34.18 255.255.255.255 inside
http mail 255.255.255.255 inside
http 191.0.33.221 255.255.255.255 inside
http 191.0.33.115 255.255.255.255 inside
http 191.0.33.90 255.255.255.255 inside
snmp-server host inside 191.0.33.2 poll
snmp-server host inside 192.168.1.24
no snmp-server location
no snmp-server contact
snmp-server community Trunetmanagementgroup
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp enable inside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup xxx address-pool ipsec-pool
vpngroup xxx dns-server 64.19.9.18
vpngroup xxx wins-server mail
vpngroup xxx default-domain zeltd
vpngroup xxx split-tunnel vpn
vpngroup xxx idle-time 1800
vpngroup xxx password xxx
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn username x password *********
vpdn enable outside
vpdn enable inside
dhcpd address 191.0.33.90-191.0.33.120 inside
dhcpd dns 64.xxx.xxx.xxx 64.xxx.xxx.xxx
dhcpd wins mail mail
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain ZELTD
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:008b16e6d08c4834dd9dee718d3445c5
: end
 
Reply With Quote
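
A check a reviewer might run on a config like the one posted, as an added example that is not part of the original post: it lists every mapped address and port claimed by more than one port-redirect `static` line. The function name and the sample (lines copied from the post) are this example's own, and because the page masks the outside addresses, `interface` and `66.148.xxx.xxx` are treated as the same address only because they are written identically.

```python
import re
from collections import defaultdict

# Constructed sample: the name, address and port-redirect static lines as they
# appear in the posted config, with addresses masked exactly as on the page.
SAMPLE = """\
name 191.0.33.1 mail
name 192.168.5.2 qmail
ip address outside 66.148.xxx.xxx 255.255.255.224
static (inside,outside) tcp interface smtp 191.0.33.2 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 191.0.33.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp mail ftp netmask 255.255.255.255 0 0
static (DMZ,outside) tcp 66.148.xxx.xxx smtp qmail smtp netmask 255.255.255.255 0 0
static (DMZ,outside) tcp 66.148.xxx.xxx imap4 qmail imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 191.0.33.2 imap4 netmask 255.255.255.255 0 0
"""

# static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port ...
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")


def find_pat_conflicts(config):
    """Map each (mapped_if, proto, mapped_ip, port) claimed by more than one
    port-redirect static to its list of (real_if, real_ip, real_port) targets."""
    names, if_addr, statics = {}, {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["name"] and len(tok) == 3:
            names[tok[2]] = tok[1]            # name <ip> <alias>
        elif tok[:2] == ["ip", "address"] and len(tok) >= 4:
            if_addr[tok[2]] = tok[3]          # ip address <if> <ip> <mask>
        elif (m := STATIC_RE.match(line)):
            statics.append(m.groups())
    claims = defaultdict(list)
    for real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port in statics:
        if m_ip == "interface":               # keyword: use the interface's own address
            m_ip = if_addr.get(mapped_if, m_ip)
        key = (mapped_if, proto, names.get(m_ip, m_ip), m_port)
        claims[key].append((real_if, names.get(r_ip, r_ip), r_port))
    return {k: v for k, v in claims.items() if len(v) > 1}


if __name__ == "__main__":
    for key, targets in find_pat_conflicts(SAMPLE).items():
        print(key, "->", targets)
```

On the sample it reports the outside `smtp` and `imap4` ports, each mapped once to 191.0.33.2 on inside and once to qmail (192.168.5.2) on DMZ.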
 
 
 