Cisco POP3 forwarding

Hi,

I have a Windows Server for SBS, and a Cisco 837 router. I need to set up POP3 email access for my boss, and from my understanding the SBS includes support for this out of the box. I can see in the server management that POP3 access is enabled.

I have no formal Cisco training, but I have had a look at the Cisco config. I believe I should be forwarding incoming traffic on port 110 from my external IP to my internal server's IP.

I can see in my Cisco config I have the line:

ip nat inside source static tcp 192.168.1.5 110 203.153.229.11 110 extendable

which I believe forwards TCP port 110 traffic to the server.

I also have a section in the Cisco config which permits mail:

ip access-list extended ACL-Outside
 ....
 remark *** Permits Mail ***
 remark
 permit tcp any host 203.153.229.11 eq smtp
 permit tcp any host 203.153.229.11 eq www
 permit tcp any host 203.153.229.11 eq 443

but I believe I have to add the next line:

permit tcp any host 203.153.229.11 eq pop3

Could anyone help? Will adding the above line allow POP3 mail traffic through to my server for processing? If so, how exactly do I add this to the Cisco config? I know I can enter 'enable' at the terminal to show the configuration details, and also enter 'configure (...something??)' at the terminal to configure the access list, so what should be the commands I enter to add the permit tcp any host x.x.x.x eq pop3 to the Cisco configuration?

Thanks in advance Simon

Reply to
siik

Your original post on May 14th was responded to. Perhaps you should refer to the response.

Best Regards, News Reader

Reply to
News Reader

That message list was deleted, and due to unforeseen circumstances can no longer be recovered. Apologies. Any help is still appreciated

Reply to
siik

This is the response to your initial post on May 14th.:

siik wrote:
> Hi,
>

You are only allotting 5% of your memory for I/O. You might want to use "show memory summary", and verify that you have adequate "free" I/O memory. This might bite you some day.

You need to change these passwords. They should not have been included in your post. Type 7 passwords are easily decrypted with readily available tools, and it takes less than 1 sec. You may even want to change the usernames, and not include them in future posts.

You should not have included this password in your post. You need to change it now!

You should consider an ACL on the inside interface to implement a reasonable security policy. If you do, then use inspection on the outside interface to provision the return path.

You need to change these passwords. They should not have been included in your post. Type 7 passwords are easily decrypted with readily available tools, and it takes less than 1 sec.

You might want to place icmp permit ACEs after the permit ACEs for your servers. Presumably there is more traffic to the servers (www, smtp, etc.) than icmp traffic. The sooner you match a given packet in an ACL, the sooner you stop processing the ACL, and forward the packet.

permit tcp any host 203.153.229.11 eq pop3

Remote administration should not be done with Telnet (clear text). They should be using SSH (encrypted).

You need to change this password. It should not have been included in your post. Type 7 passwords are easily decrypted with readily available tools, and it takes less than 1 sec.

The Access Control Entry (ACE) is part of the access-list. When you enter configuration mode (config t), you then need to enter the specific ACL configuration mode to add an ACE to the ACL:

Do a "show ip access-list ACL-Outside"

Note the sequence numbers beside the ACEs (they probably start at 10, and increment by 10's).

Let's assume you saw this:

110 permit icmp any any unreachable
120 permit tcp any host 203.153.229.11 eq smtp

You might decide that you wanted to place your ACE between these two ACEs. You would specify a sequence number between 110 and 120.

e.g.:

devicename(config) # ip access-list extended ACL-Outside
devicename(config-ext-nacl) # 115 permit tcp any host 203.153.229.11 eq pop3
devicename(config-ext-nacl) # ex
devicename(config) # ip access-list resequence ACL-Outside 10 10

This would resequence the ACEs, starting at 10, and incrementing by 10.

Exit configuration mode, do a "show ip access-list ACL-Outside", and verify the result:

e.g.:

110 permit icmp any any unreachable
120 permit tcp any host 203.153.229.11 eq pop3
130 permit tcp any host 203.153.229.11 eq smtp

Best Regards, News Reader

Reply to
News Reader
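
Added example, not part of the thread and not IOS code: a small Python model of the procedure in the reply above (insert an ACE at sequence 115, resequence by 10, then check first-match evaluation with the implicit deny). The `Ace`/`Acl` classes, the filler entries at 10 to 100 and the simplified matching on protocol, destination host and port are assumptions made for illustration; only the ACEs at 110, 115 and 120 come from the posts.

```python
from dataclasses import dataclass
from typing import Optional

SERVER = "203.153.229.11"  # outside address used in the thread

@dataclass
class Ace:
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp" or "icmp"
    dst: str                     # destination host, or "any"
    port: Optional[int] = None   # destination port; None matches any

    def matches(self, proto, dst, port):
        return (self.proto == proto and self.dst in ("any", dst)
                and self.port in (None, port))

class Acl:
    def __init__(self, aces):
        self.aces = sorted(aces, key=lambda a: a.seq)

    def insert(self, ace):
        # In this model a sequence number can be used only once.
        if any(a.seq == ace.seq for a in self.aces):
            raise ValueError(f"sequence {ace.seq} already in use")
        self.aces = sorted(self.aces + [ace], key=lambda a: a.seq)

    def resequence(self, start=10, step=10):
        for i, ace in enumerate(self.aces):
            ace.seq = start + i * step

    def evaluate(self, proto, dst, port=None):
        for ace in self.aces:        # first matching ACE decides
            if ace.matches(proto, dst, port):
                return ace.action, ace.seq
        return "deny", None          # implicit deny ends every ACL

def build_sample_acl():
    # Constructed filler at 10..100 (documentation addresses) so the numbering
    # lines up with the thread; ICMP types such as "unreachable" are not modeled.
    filler = [Ace(10 * n, "permit", "tcp", f"192.0.2.{n}", 80) for n in range(1, 11)]
    return Acl(filler + [Ace(110, "permit", "icmp", "any"),
                         Ace(120, "permit", "tcp", SERVER, 25)])

if __name__ == "__main__":
    acl = build_sample_acl()
    print("before:", acl.evaluate("tcp", SERVER, 110))
    acl.insert(Ace(115, "permit", "tcp", SERVER, 110))
    acl.resequence(10, 10)
    for ace in acl.aces[-3:]:
        print(ace.seq, ace.action, ace.proto, ace.dst, ace.port)
    print("after:", acl.evaluate("tcp", SERVER, 110))
```

Before the insert, POP3 traffic to the server falls through to the implicit deny even though the static NAT entry exists; after the insert and resequence, it matches the new ACE at 120 and SMTP moves to 130.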

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.