Cisco PIX 515e IMAP issue

Discussion in 'Cisco' started by HandleX84, May 18, 2010.

  1. HandleX84

    familiar with Cisco networking - a tad new to PIX configs.

    REQUEST: allow specified outside IP ranges to internal Exchange via port 143. this is an email archiving service that McAfee provides. they come into a specific account on the Exchange box and basically pull off all the email to their cloud-based system.

    ISSUE: i test the connection from a web portal down to the internal Exchange box - i keep getting a connection issue. McAfee says it's in the PIX. everything on the Exchange box + the McAfee services is def set up right. i know it's in the PIX, just don't know where.
    when i test the connection - i see IN the ACL on the outside that the hitcount goes up but yet i get a failure to connect!!
    i did not set up this PIX. any help would be much appreciated!!

    Specified OUTSIDE MCAFEE ranges: 208.65.x.x /21 & 208.81.x.x /22

    Internal exchange box: (IN) 192.168.x.x (NAT OUT) 64.123.x.x
    The LAN has its own Public IP (.30) and the exchange has its OWN Public IP (.40)


    1 ACL exists - outside coming in and reads the following: (inside out has no limits as there is no ACL)

    pixfirewall# show access-list 101
    access-list 101; 9 elements
    access-list 101 line 1 permit icmp any any echo-reply (hitcnt=20)
    access-list 101 line 2 permit icmp any any source-quench (hitcnt=0)
    access-list 101 line 3 permit icmp any any unreachable (hitcnt=990)
    access-list 101 line 4 permit icmp any any time-exceeded (hitcnt=565)
    access-list 101 line 5 permit tcp any host 64.123.x.x eq smtp (hitcnt=889)
    access-list 101 line 6 permit tcp 208.65.x.x 255.255.248.0 host 64.123.x.x eq imap4 (hitcnt=34)
    access-list 101 line 7 permit tcp 208.81.x.x 255.255.252.0 host 64.123.x.x eq imap4 (hitcnt=0)
    access-list 101 line 8 permit tcp 208.65.x.x 255.255.248.0 host 64.123.x.x eq 993 (hitcnt=10)
    access-list 101 line 9 permit tcp 208.81.x.x 255.255.252.0 host 64.123.x.x eq 993 (hitcnt=0)



    i can't help but think it's SOMETHING in the ACL. because it appears the IMAP (SSL OR NON) request gets to the ACL and produces an increase in the hitcnt. however, it doesn't make it to the Exchange box.


    Do you guys need more config logs or can you steer me in what could be causing this issue?
     
    HandleX84, May 18, 2010
    #1

  2. HandleX84

    I've read that if you upgrade from PIX firewall v 6.3.1 to 7 - it's been known to fix similar issues. but how is that possible?
     
    HandleX84, May 18, 2010
    #2