having a hard time with pix515

Could someone look over the config parts I have been staring at for a whole week and making attempts after-hours to get this thing to work? I must be missing something but can't figure it out.

!
! negate this fixup to pass Microsoft's stupid SMTP
!
no fixup protocol smtp 25
!
! there is only one external addr xx.xx.239.14
! only one external host gets pop3 for web app
! we allow outlook web on 9090 tcp/udp and 20000/20001
! I think domain is needed for internal dns cache to do lookups
! also we allow MS-VPN clients into an internal for auth
! there will soon be a service net for public ftp and auth dns
!
access-list outside permit icmp any any echo-reply
access-list outside permit icmp any any time-exceeded
access-list outside permit icmp any any unreachable
access-list outside permit tcp any host xx.xx.239.14 eq smtp
access-list outside permit tcp host prodmail host 66.37.239.14 eq pop3
access-list outside permit tcp any host xx.xx.239.14 eq 9090
access-list outside permit udp any host xx.xx.239.14 eq 9090
access-list outside permit tcp any host xx.xx.239.14 range 20000 20001
access-list outside permit udp any host xx.xx.239.14 range 20000 20001
access-list outside permit udp any host xx.xx.239.14 eq domain
access-list outside permit tcp any host xx.xx.239.14 eq domain
access-list outside permit udp any host dns1 eq domain
access-list outside permit udp any host dns2 eq domain
access-list outside permit gre any host dns1
access-list outside permit tcp any host dns1 eq pptp
access-list tunnel permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list service permit tcp any host ftpserver eq ftp
access-list service permit tcp any host authdns2 eq domain
access-list service permit udp any host authdns2 eq domain
!
global (outside) 1 interface
nat (inside) 0 access-list tunnel
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (service) 1 0.0.0.0 0.0.0.0 0 0
!
! statics to provide connection between outside int and internal
!
static (inside,outside) tcp interface smtp email smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp prodmail pop3 email pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 9090 email 9090 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 9090 email 9090 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 20000 email 20000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 20000 email 20000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 20001 email 20001 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 20001 email 20001 netmask 255.255.255.255 0 0
static (inside,outside) interface dns1 netmask 255.255.255.255 0 0
!
! apply access-list from above
!
access-group outside in interface outside
access-group service in interface service

Something is not working. I get web browsing from inside, but mail seemed pokey. I could not do MS-VPN or OWA and the pop3 application did not work. Something like routing or the statics are not correct.

Gregory W Zill
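
A consistency check for a config shaped like the one posted above, added here as an example and not part of the original thread: it lists port-redirect `static` lines that have no matching `permit` in the ACL bound to their global-side interface. The sample is constructed in the same PIX syntax with a documentation-range address; the function names are hypothetical, the single outside address is passed in as a parameter, and host names are compared as literal tokens because the post shows no `name` commands.

```python
import re

# Constructed sample in PIX syntax, modelled on the post; the address is a
# documentation-range placeholder and names are compared as literal tokens.
SAMPLE = """\
access-list outside permit tcp any host 203.0.113.14 eq smtp
access-list outside permit tcp host prodmail host 203.0.113.14 eq pop3
access-list outside permit tcp any host 203.0.113.14 range 20000 20001
access-list outside permit udp any host 203.0.113.14 eq 9090
static (inside,outside) tcp interface smtp email smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp prodmail pop3 email pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 20001 email 20001 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 9090 email 9090 netmask 255.255.255.255 0 0
access-group outside in interface outside
"""

ACL = re.compile(r"^access-list (\S+) permit (tcp|udp) (?:any|host \S+) host (\S+) "
                 r"(?:eq (\S+)|range (\d+) (\d+))$")
STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")

def port_allowed(port, eq, lo, hi):
    """True if a static's global port is covered by an 'eq' or 'range' clause."""
    if eq is not None:
        return port == eq
    return port.isdigit() and int(lo) <= int(port) <= int(hi)

def unmatched_statics(config, interface_ip):
    """Return port-redirect statics with no permit in the ACL bound to their global side."""
    lines = [l.strip() for l in config.splitlines()]
    bound = {m[2]: m[1] for m in map(GROUP.match, lines) if m}  # interface -> ACL name
    permits = [m.groups() for m in map(ACL.match, lines) if m]
    missing = []
    for line in lines:
        s = STATIC.match(line)
        if not s:
            continue
        _, glob_if, proto, gaddr, gport = s.groups()[:5]
        gaddr = interface_ip if gaddr == "interface" else gaddr  # 'interface' = outside IP
        ok = any(name == bound.get(glob_if) and p == proto and dst == gaddr
                 and port_allowed(gport, eq, lo, hi)
                 for name, p, dst, eq, lo, hi in permits)
        if not ok:
            missing.append(line)
    return missing

if __name__ == "__main__":
    for line in unmatched_statics(SAMPLE, "203.0.113.14"):
        print("no matching permit:", line)
```

Whole-host statics without a protocol and port, and ICMP or GRE entries, are outside what this check covers.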

Dude, the config and info you're providing are incomplete and confusing.

Tell more: which works, from what to where?
Tell more: which did not work, from where to what?

Example: outside access to pop on the inside?

BUT, from what I see, you're probably having trouble with the "service" access-list/group.

Shouldn't it be like this: "access-group service in interface inside"?

technodewa
