Accessing the SMTP from outside network through ASA 5510

hello good people,
I have an issue with my mail server(SME Server) which is behind a Cisco ASA 5500(firewall)  problem is that if one leaves my network they can receive but can not  send email via my SMTP also internal people can only send if they use  the IP address of the server rather than the domain (mail.xxxx.com) any pointers will be appreciated.
here is my layout
ISP - ASA 5510 - LAN (includes mailserver)
Kind regards

Hello George,
If you have public DNS , in order to access the servers hosted inside using their fqdn, then you need  to have dns doctoring. but unfortunately, you are using port address translation ( not a one to one nat) which doesnt work well with dns doctoring..
I assume you can solve this issue with alias command as follows
alias (inside) 199.199.199.99    255.255.255.255
Also, for the other issue can you try to configure an SMTP inspection as follows
policy-map type inspect esmtp esmtp_map
parameters
allow-tls
policy-map global_policy
class inspection_default
inspect esmtp
Hope this helps
Regards
Harish

Similar Messages

  • How to make the application access the fonts from outside library?

    actually the fonts located in the library are considered from the system/library/fonts path. is it possible to make it accessible from outside that path through programatically for indesign applications? if yes means, how to do it?
    thanks
    subha

    i think am not mentioned the question clear.
    the fonts menu inside InDesign lists the fonts from
    for mac: System/Library/Fonts
                  Adobe InDesign CS2/fonts
    for windows: C:\WINDOWS\Fonts
    C:\Program Files\Adobe\Adobe InDesign CS2\Fonts
    is it possible to list the font from someother folder rather than this folders.
    by
    Subha...

  • How to access OBI Dashboards from outside Network.

    Hi Gurus
    I want to access MY Dashboards Reports from any where on internet. My BI server is available on LAN so how i ;ll make it available to access it from any place.
    Any Reference DOC, Blog or guide.
    Regards
    Sher

    Sher Ullah Baig wrote:
    I want to access MY Dashboards Reports from any where on internet. My BI server is available on LAN so how i ;ll make it available to access it from any place. I've just re-read your original question - If you want the BI Server accessible on the internet you need it visibile outside of your firewall - Your network people should be able to set up any routing you need to achieve this.
    Chances are if you have a VM running on an internal server, you wont have this access by default - there are various security hoops to jump through to get this working.

  • Unable to access public ip from branch vpn (Cisco ASA 5510 Firewall)

                       Hi,
    As per the above diagram
    in Head office -  able to access public ips
    In Branch office - unable to access public ips only accessing head office servers and internet is shared from head office.
    please see the below configuration in Branch office router:
    access-list 1 permit any
    access-list 100 remark ****** Link to Firewall-HO1 ******
    access-list 100 permit ip 10.21.211.0 0.0.0.255 172.16.35.0 0.0.0.255
    access-list 100 permit ip 10.21.211.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 100 permit ip 10.21.211.0 0.0.0.255 10.11.0.0 0.0.255.255
    access-list 100 permit ip 10.21.211.0 0.0.0.255 10.12.0.0 0.0.255.255
    access-list 100 permit ip 10.21.111.0 0.0.0.255 172.16.35.0 0.0.0.255
    access-list 100 permit ip 10.21.111.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 100 permit ip 10.21.111.0 0.0.0.255 10.11.0.0 0.0.255.255
    access-list 100 permit ip 10.21.111.0 0.0.0.255 10.12.0.0 0.0.255.255
    access-list 100 permit ip 10.21.10.0 0.0.0.255 172.16.35.0 0.0.0.255
    access-list 100 permit ip 10.21.10.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 100 permit ip 10.21.10.0 0.0.0.255 10.11.0.0 0.0.255.255
    access-list 100 permit ip 10.21.10.0 0.0.0.255 10.12.0.0 0.0.255.255
    access-list 100 permit ip 10.21.211.0 0.0.0.255 host 78.93.190.226
    access-list 100 permit ip 10.21.111.0 0.0.0.255 host 78.93.190.226
    access-list 100 permit ip any any
    access-list 101 deny   ip 10.21.211.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.211.0 0.0.0.255 10.11.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.211.0 0.0.0.255 10.12.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.211.0 0.0.0.255 172.0.0.0 0.255.255.255
    access-list 101 deny   ip 10.21.111.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.111.0 0.0.0.255 10.11.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.111.0 0.0.0.255 10.12.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.111.0 0.0.0.255 172.0.0.0 0.255.255.255
    access-list 101 deny   ip 10.21.10.0 0.0.0.255 10.10.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.10.0 0.0.0.255 10.11.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.10.0 0.0.0.255 10.12.0.0 0.0.255.255
    access-list 101 deny   ip 10.21.10.0 0.0.0.255 172.0.0.0 0.255.255.255
    access-list 101 permit ip host 10.21.211.51 any
    access-list 101 permit tcp 10.21.211.0 0.0.0.255 host 66.147.240.160 eq pop3
    access-list 101 permit tcp 10.21.211.0 0.0.0.255 host 66.147.240.160 eq smtp
    access-list 101 permit tcp 10.21.211.0 0.0.0.255 host 78.93.56.10 eq pop3
    access-list 101 permit tcp 10.21.211.0 0.0.0.255 host 78.93.56.10 eq smtp
    access-list 102 permit ip 10.21.211.0 0.0.0.255 any
    route-map nonat permit 10
    match ip address 101
    Thanks for your valuable time and cosiderations

    any1 can help me ?

  • Is it possible to access my TimeCapsule from outside my local network via internet? If so what is the best app  that  can help me?

    is it possible to access my TimeCapsule from outside my local network via internet? If so what is the best app  that  can help me?

    iCloud can do it..
    http://www.apple.com/au/support/icloud/back-to-my-mac/
    You need Lion and latest firmware on the TC..
    Were you hoping to use the ipad/iphone??  That maybe possible but I am not sure how.
    You cannot use windows without opening SMB to some strange port and this is going to mess with security.. you also need a static ip address from your ISP.. most private net users do not have this.
    You can do it via vpn.. you will need to buy a vpn router and bridge the TC to it.
    Just google remote access time capsule.. there are a zillion posts about it.

  • UNABLE TO ACCESS THE INTERNET FROM LOCAL PROVIDER ON A SITE-TO-SITE VPN CONNECTION

    Dear All,
    I have a site-to-site connection  from point A to point B. From point B i am unable to access the internet from local internet provider.
    I am trying to ping from 192.168.20.1 the dns 8.8.8.8   but i receive the  message "destination net unreachable".
    When i run "show ip nat translation" i receive nothing.
    The vpn connection is working properly, i can ping the other side 192.168.10/24
    Below is the configuration of the cisco router on point B.
    dot11 syslog
    ip source-route
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.21.254
    ip dhcp pool voice
     network 192.168.21.0 255.255.255.0
     default-router 192.168.21.254 
     option 150 ip 192.168.5.10 
    ip cef
    ip domain name neocleous.ru
    ip inspect name IOS_FIREWALL tcp
    ip inspect name IOS_FIREWALL udp
    ip inspect name IOS_FIREWALL icmp
    ip inspect name IOS_FIREWALL h323
    ip inspect name IOS_FIREWALL http
    ip inspect name IOS_FIREWALL https
    ip inspect name IOS_FIREWALL skinny
    ip inspect name IOS_FIREWALL sip
    no ipv6 cef
    multilink bundle-name authenticated
    vty-async
    isdn switch-type primary-net5
    redundancy
    crypto isakmp policy 5
     hash md5
     authentication pre-share
     group 2
    crypto isakmp policy 10
     encr aes
     authentication pre-share
     group 2
     lifetime 28800
    crypto isakmp policy 50
     encr 3des
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key Pb85heuvMde9Wdac5Qohha7lziIf142u address [ip address]
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 10
    crypto ipsec transform-set TRANSET esp-aes esp-sha-hmac 
    crypto ipsec transform-set TRANSET2 esp-des esp-md5-hmac 
    crypto ipsec df-bit clear
    crypto map CryptoMAP1 ipsec-isakmp 
     set peer [ip address]
     set transform-set TRANSET 
     match address CryptoACL
    interface FastEthernet0/0
     description Primary Provider
     ip address [PUBLIC IP MAIN PROVIDER] 255.255.255.252
     ip access-group outside_acl in
     ip mtu 1390
     ip nat outside
     ip virtual-reassembly in
     load-interval 30
     duplex auto
     speed auto
     crypto map CryptoCY
     crypto ipsec df-bit clear
    interface FastEthernet0/1
     description TO LAN
     no ip address
     load-interval 30
     speed 100
     full-duplex
    interface FastEthernet0/1.1
     description DATA VLAN
     encapsulation dot1Q 20
     ip address 192.168.20.254 255.255.255.0
     ip access-group inside_acl in
     ip nat inside
     ip inspect IOS_FIREWALL in
     ip virtual-reassembly in
     ip tcp adjust-mss 1379
    interface FastEthernet0/1.2
     description VOICE VLAN
     encapsulation dot1Q 21
     ip address 192.168.21.254 255.255.255.0
    interface Serial0/2/0:15
     no ip address
     encapsulation hdlc
     isdn switch-type primary-net5
     isdn incoming-voice voice
     no cdp enable
    interface FastEthernet0/3/0
     no ip address
     ip access-group outside_acl in
     ip nat outside
     ip virtual-reassembly in
     shutdown
     duplex auto
     speed auto
     crypto map CryptoCY
    ip local pool VPNPool 192.168.23.2 192.168.23.10
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    ip nat inside source list nat_list interface FastEthernet0/3/0 overload
    ip route 0.0.0.0 0.0.0.0 [default gateway ip]
    ip access-list standard VTY
      permit 192.168.20.0 0.0.0.255
    ip access-list extended CryptoACL
     permit ip 192.168.20.0 0.0.0.255 192.168.3.0 0.0.0.255
     permit ip 192.168.21.0 0.0.0.255 192.168.5.0 0.0.0.255
     permit ip 192.168.21.0 0.0.0.255 192.168.6.0 0.0.0.255
     permit ip 192.168.21.0 0.0.0.255 192.168.12.0 0.0.0.255
     permit ip 192.168.21.0 0.0.0.255 192.168.2.0 0.0.0.255
     permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
     permit ip host 192.168.22.1 192.168.5.0 0.0.0.255
     permit ip host 192.168.20.1 192.168.5.0 0.0.0.255
     permit ip host 192.168.22.1 192.168.6.0 0.0.0.255
    ip access-list extended DFBIT_acl
     permit tcp any any
    ip access-list extended inside_acl
     permit ip 192.168.20.0 0.0.0.255 host 192.168.3.35
     permit ip 192.168.20.0 0.0.0.255 host 192.168.3.39
     permit ip 192.168.20.0 0.0.0.255 host 192.168.3.23
     permit ip 192.168.20.0 0.0.0.255 host 192.168.3.18
     permit ip 192.168.20.0 0.0.0.255 host 192.168.3.55
     permit ip 192.168.20.0 0.0.0.255 host 192.168.10.144
     permit ip 192.168.20.0 0.0.0.255 host 192.168.10.146
     permit ip 192.168.20.0 0.0.0.255 host 192.168.10.141
     permit ip host 192.168.20.253 host 192.168.3.21
     permit ip host 192.168.20.254 host 192.168.3.21
     permit ip 192.168.20.0 0.0.0.255 host 192.168.3.10
     permit ip 192.168.20.0 0.0.0.255 host 192.168.20.254
    ip access-list extended nat_list
     deny   ip host 192.168.20.254 192.168.10.0 0.0.0.255
     deny   ip host 192.168.20.254 192.168.3.0 0.0.0.255
     deny   ip host 192.168.20.1 192.168.3.0 0.0.0.255
     deny   ip host 192.168.20.1 192.168.10.0 0.0.0.255
     deny   ip host 192.168.20.2 192.168.3.0 0.0.0.255
     deny   ip host 192.168.20.2 192.168.10.0 0.0.0.255
     permit ip host 192.168.20.1 any
     permit ip host 192.168.20.2 any
     permit ip host 192.168.20.254 any
    ip access-list extended outside_acl
     permit gre any host [ip address]
     permit esp any host [ip address]
     deny   ip any any
    ip sla 2
     icmp-echo 192.168.10.254 source-interface FastEthernet0/1.1
     frequency 180
     timeout 500
    ip sla schedule 2 life forever start-time now
    logging 192.168.3.21
    route-map DFBIT_routemap permit 10
     match ip address DFBIT_acl
     set ip df 0
    route-map ISP2 permit 10
     match ip address nat_list
     match interface FastEthernet0/3/0
    route-map nonat permit 10
     match ip address nonat_acl
    route-map ISP1 permit 10
     match ip address nat_list
     match interface FastEthernet0/0

    You cannot access internet, because all traffic is tunneled for VPN !!!!
    Please see cisco tech documentation and bypass traffic for internet.
    eg.  if lan traffic is going from site a to site b  then through vpn
          else
           lan traffic to internet (any) should be out thorugh the vpn .

  • How to access the SAP Server Console? Through VPN

    How to access the SAP Server Console? Through VPN
    Sudhakar

    Hi,
    You need to contact your system admin as they will enable the port in ur system so that u can access client servers.It should also be allowed from client side also i mean access.
    You will connect thru weblink with user name and pw and SAP with logon details.
    Thanks
    Suresh

  • Unable to access the data from Data Management Gateway: Query timeout expired

    Hi,
    Since 2-3 days the data refresh is failing on our PowerBI site. I checked below:
    1. The gateway is in running status.
    2. Data source is also in ready status and test connection worked fine too.
    3. Below is the error in System Health -
    Failed to refresh the data source. An internal service error has occurred. Retry the operation at a later time. If the problem persists, contact Microsoft support for further assistance.        
    Error code: 4025
    4. Below is the error in Event Viewer.
    Unable to access the data from Data Management Gateway: Query timeout expired. Please check 1) whether the data source is available 2) whether the gateway on-premises service is running using Windows Event Logs.
    5. This is the correlational id for latest refresh failure
    is
    f9030dd8-af4c-4225-8674-50ce85a770d0
    6.
    Refresh History error is –
    Errors in the high-level relational engine. The following exception occurred while the managed IDataReader interface was being used: The operation has timed out. Errors in the high-level relational engine. The following exception occurred while the
    managed IDataReader interface was being used: Query timeout expired. 
    Any idea what could have went wrong suddenly, everything was working fine from last 1 month.
    Thanks,
    Richa

    Never mind, figured out there was a lock on SQL table which caused all the problems. Once I released the lock it PowerPivot refresh started working fine.
    Thanks.

  • I have just down loaded a movie on my itune using my new ipad. i have also bought and apple tv how come i cant play the movie from my ipad through the apple tv? i tried syncing the ipad to my comp and playing the movie that way but once in my itunes no mo

    I've downloaded a movie on my ipad and I've hooked up my apple tv.  Why can't i whatch the movie from my ipad through my apple tv?  I tried synching my ipad to see if, when synched, I would see the movie on my computer in itunes.  No luck there.  What am I doing wrong?  Why is it showing in my itunes on my ipad but the movie has disappeared when I look at my itunes on my computer so that I can watch it via Apple TV?

    If you rented it directly on the Apple TV then you can't transfer it off and you have it watch it on that - from http://support.apple.com/kb/HT1415 :
    You can move the rental between devices as many times as you wish during the rental period. However, the movie can only be played on one device at a time. If you rent a movie on an iPhone, iPad, iPod touch, or Apple TV, it is not transferable to any other device and you must watch it on that device.

  • How can i access the EJB from a Webdynpro

    Dear all,
    How can i access the ejb , from a webdynpro?.
    Is there any way to do that?.
    I want to write the entire code (business functions) within the EJB and i wan to access the entire methods from a WebDynpro Application.This is the situation.
    Please help me to , resolve this problem.(Here im using JDBC Connection .. etc.).
    I want to do the basic connection setting's and data retrieval part within the EJB and use that within the WebDynpro..
    how can i seperate this two(i mean, i want to seperate the JDBC connections and WebDynpro,i dont want to hard code any connection parameters within the webdynpro code)
    So that i want use that saet of particular function's in many webdynpro applications..
    (i dont need any help regarding webservice way.)
    If anyone can , please help me..
    I tried that javabean class , manifest file , that way (importing javabean model).
    but im getting errors.
    I cant properly utilize that..
    So please help me with steps regarding that,,
    for javabean
    and if any , for EJB also..
    with regards
    Kishor.G

    HI,
    Since webdynpros follows Model View Controller Architecture You can access EJBs in webdynpro(views/frontend) infact to connec to database uding JDBC you have to utilise EJB ( opening connection to database closing, and other Business functionality).See this link
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/unkown/web dynpro tutorial and sample applications.faq#q-7
    <b>How to access the Car Rental Web Service?</b>
    Regards,
    RK

  • Accessing the ServletContext from a class that is not a Servlet?

    Is there any way of accessing the ServletContext from a class that is not a
              Servlet? The class is being used as part of a Web Application.
              Thanks.
              

    http://www.mozilla.org/mirrors.html
    Mozilla has download mirrors around the globe. If it is on the list, it is trustworthy.

  • Why can't I access the Store from my iTunes

    Why can't I access the Store from my iTunes on my PC?

    You must've blocked cookies. iTunes requires cookies I believe. If you did block it follow these steps:
    Go to settings > safari > block cookies > never.

  • I have installed the LATEST VERSION of itunes in my windows and i bought the new ipad with retina display ,i had moved music into the ipad from my windows through the itunes but I DONT KNOW HOW TO MOVE THE VIDEOS IN MY VIDEOS LIBRARY OF MY COMPUTER TO MY

    i have installed the LATEST VERSION of itunes in my windows and i bought the new ipad with retina display ,i had moved music into the ipad from my windows through the itunes but I DONT KNOW HOW TO MOVE THE VIDEOS IN MY VIDEOS LIBRARY OF MY COMPUTER TO MY

    Close your iTunes,
    Go to command Prompt -
    (Win 7/Vista) - START/ALL PROGRAMS/ACCESSORIES, right mouse click "Command Prompt", choose "Run as Administrator".
    (Win XP SP2 n above) - START/ALL PROGRAMS/ACCESSORIES/Command Prompt
    In the "Command Prompt" screen, type in
    netsh winsock reset
    Hit "ENTER" key
    Restart your computer.
    If you do get a prompt after restart windows to remap LSP, just click NO.
    Now launch your iTunes and see if it is working now.
    If you are still having these type of problems after trying the winsock reset, refer to this article to identify which software in your system is inserting LSP:
    Apple software on Windows: May see performance issues and blank iTunes Store
    http://support.apple.com/kb/TS4123?viewlocale=en_US

  • How do I access the music from my Mac drive while booted into Windows?

    How do I access the music from my Mac drive while booted into Windows via Bootcamp? I tried using MacDrive but it's not supported for Vista 64-bit edition. Is there another program out there that I can use? I just want to be able to access my music that's on Leopard while in Vista. Any advice will be much appreciated. Thanks in advance.

    Your best bet is to move the music on the Windows side since Leopard will be able to read and play the music from the mounted Windows drive (Leopard will not be able write anything to the Windows NTFS partition).
    In your case it won't work the other way around.
    Axel F.

  • What is the easiest way to access the router from an iPad?  I have no problems accessing it from my laptop.  Even though I am entering the address in the left address box, not the Google search box, it wants to do either a search, or add www beginning of

    What is the easiest way to access the router from an iPad?  I have no problems accessing it from my laptop.  Even though I am entering the address in the left address box, not the Google search box, it wants to do either a search, or add www to the beginning of the IP address.
    I usually can eventually access the router, but it is way to much trouble.  However, I use my iPad hundreds of times more often than my laptop.

    Are you typing http:// in front of the IP address of the router? e.g. http://192.168.0.1
    Sometimes, and with some routers it doesn't seem to like it if you miss off the http://

Maybe you are looking for