Unable to telnet on port 143 on the public ip of the server

I have a mail server behind a firewall ( ASA 8.3 ), and I have made the configuration in order to telnet on port 143 ( natting and access rule ), but when I try to telnet to the server from the inside ( telnet on the private ip ) I get the following response : OK the Microsoft Exchange IMAP4 service is ready. But when I try it from the outside ( telnet on the public ip ) the port seemes to be opened but I get a blank screen without the message. I have removed the inspection also but nothing happened.
Please I need your help.

Hello Osama,
Can you post the nat configuration and the ACL configuration for this setup?
Also provide the following?
packet-tracer input outside tcp x.x.x.x (host on the outside) 1025 x.x.x.x( public ip address of the server) 143
Then I would like to create some captures, but first let work on this!
Regards,
Julio

Similar Messages

  • I am having a problem moving files from a iMac  in location mac in another location.  I have tried using Dropbox and the Public folder in the i disc.  When I drag the files into dropbox they become alias' and I can't open them at the other end beca

    I am having a problem moving files from an imac in one location to an imac inanother location.  I have tried using Dropbox which is installed in both locations but when i drad a file ino yhe app it becomes an alias.  When I get to the other location it says I can't open the file because the " original application that created it is not present".  This is despite the fact that the app that created both files is installed in both computers.  If I use the Public folder in the idisc, when I get to the other location the file isn't there.  Am I forgetting to turn something on or off?  Should I manually sync the Public folder and if so how? Thanks
    Message was edited by: stephenfromdelray beach

    So now that's two of us.  Hopefully, someone has an answer. 

  • Access to the Public Templates in the Favourites Tab in the Shop Cart scree

    Hi All,
    How to find out who has the access to the Public Templates in the Favourites Tab in the Shopping Cart screen in EBP 3.O version.
    Any Inputs will be highly appreciated.
    Thanks
    Sunil

    Hi All,
    How to find out who has the access to the Public Templates in the Favourites Tab in the Shopping Cart screen in EBP 3.O version.
    Any Inputs will be highly appreciated.
    Thanks
    Sunil

  • I can't get my pictures into the public folder on the iPad 3.  Can anyone walk me through the steps?

    I can't get my pictures into the public folder on the iPad 3.  Can someone walk me through the steps?

    Ok, I'll give it a try.
    Presuming you already have a Dropbox account, and you have the app on your pad.
    Open the app, navigate to public folder.  Touch the upload icon at the bottom.  It will show you everything you have already uploaded.  To upload a new picture, then touch the plus sign at the top right.     You can create one or more subfolders to organize it however you want.
    Hit the plus sign again if needed, and the photo listing will show up.  Find the photos you want and mark them by touching them.  Then touch the blue word upload in the upper right.
    ( the directions assume the pad is in the landscape mode.)
    That's really all there is to it.  As I typed this I opened and uploaded a couple of pics to get the steps right.

  • Unable to telnet to port 25 from within or without the network.

    Hi there, I have been wrestling with firewall and mail settings in Server Admin to enable mail services for a client and could use some assistance as I am new to mail administration on OS X.
    I am trying to isolate whether or not I am being blocked by the firewall or by erroneous setup in Mail Settings.
    The firewall service on the network "any" has a check for Mail: SMPT for both TCP and UPD on the "Services" tab.
    At this point I am just working with SMTP for outbound mail only. I have a suspicion that I am not setting the parameters for local internet domain name, and internet host name correctly; or that the settings I have are correct, but not valid.
    The hostname of the server is ##-###-##-###.atgi.net, where ## correspond with the numbers in each octet of the IP address. The MX record is pointing to smtp.CLIENT'SDOMAN.com. (where CLIENTS'SDOMAIN is the actual domain for this company) (Registrar is Network Solutions, I do not have DNS enabled on this server)
    SMTP settings are as follows:
    Enable SMTP is checked
    Allow Incoming mail is not checked
    domain name is: ##-###-##-###.atgi.net
    Host Name is: smtp.CLIENT'SDOMAIN.com
    Everything else in mail settings not active.
    Here are the SMTP log entires when I sart mail service:
    Oct 9 00:02:32 66-182-60-162 postfix/postfix-script: stopping the
    Postfix mail system
    Oct 9 00:02:32 66-182-60-162 postfix/master[13377]: terminating on signal 15
    Oct 9 00:02:32 66-182-60-162 postfix/master[14147]: daemon started --
    version 2.1.5
    Questions:
    1. Shouldn't I be able to see smptd running at this point?
    2. Telnet to port 25 on the server itself and outside the network is rejected, wth?
    3. Should I change the local internet domain ##-###-##-### to be the client's actual domain name?
    Any help that anyone could provide would be greatly appreciated. If I can provide more supporting documentation, please just let me know what would be useful. I am quite new to OS X / Darwin, more comfortable with linux.
    Thanks in advance

    $ sudo postconf -n
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter =
    daemon_directory = /usr/libexec/postfix
    debugpeerlevel = 2
    enableserveroptions = yes
    html_directory = no
    inet_interfaces = localhost
    localrecipientmaps = proxy:unix:passwd.byname $alias_maps
    luser_relay =
    mail_owner = postfix
    mailboxsizelimit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    messagesizelimit = 10485760
    mydestination = $myhostname,localhost.$mydomain
    mydomain = xpressprintnow.com
    mydomain_fallback = localhost
    myhostname = smtp.xpressprintnow.com
    mynetworks = 127.0.0.0/8
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpdclientrestrictions = hash:/etc/postfix/smtpdreject
    smtpdenforcetls = no
    smtpdpw_server_securityoptions = plain
    smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
    smtpdsasl_authenable = yes
    smtpdtls_certfile = /etc/certificates/Default.crt
    smtpdtls_keyfile = /etc/certificates/Default.key
    smtpduse_pwserver = yes
    smtpdusetls = no
    unknownlocal_recipient_rejectcode = 550
    virtualmailboxdomains =
    virtual_transport = virtual

  • I want to work on my web-site and switch back and forth between the public view and the admin view but Firefox keeps closing one of them - how do I disarm this?

    Before upgrading to this version of Firefox I could simultaneously have my public version and my admin version of my web-site open. I could make changes in the admin version and then check to make sure the public version registered and displayed the changes just as I wanted them. Now it keeps switching so both of them are public or both of them are admin. I want to know how to disarm this function. Thanks!

    Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
    See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]
    If it does work in Safe-mode then disable all your extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
    You can use "Disable all add-ons" on the [[Safe mode]] start window to disable all extensions.
    You have to close and restart Firefox after each change via "File > Exit" (Mac: "Firefox > Quit"; Linux: "File > Quit")

  • I am unable to telnet NAT IP from outside but could ping at the same time. Please help. Here is the router configuration.

    Building configuration...
    Current configuration : 3351 bytes
    ! No configuration change since last restart
    version 15.1
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    no aaa new-model
    memory-size iomem 10
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-1515919628
    enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1515919628
     revocation-check none
     rsakeypair TP-self-signed-1515919628
    crypto pki certificate chain TP-self-signed-1515919628
     certificate self-signed 01
    ip source-route
    ip dhcp excluded-address 10.10.10.1
    ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1 
     lease 0 2
    ip cef
    no ip domain lookup
    ip domain name yourdomain.com
    no ipv6 cef
    license udi pid CISCO881-K9 sn FCZ1639C2EX
    interface FastEthernet0
     no ip address
    interface FastEthernet1
     no ip address
    interface FastEthernet2
     no ip address
    interface FastEthernet3
    no ip address
    interface FastEthernet4
     ip address 10.1.1.245 255.255.255.0
     ip access-group KARIDGE in
     ip access-group KARIDGE out
     duplex auto
     speed auto
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
     ip address 100.241.190.125 255.255.255.240
     ip tcp adjust-mss 1452
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 0.0.0.0 0.0.0.0 100.241.190.113
    ip access-list extended KARIDGE
    permit ip host 10.1.1.6 any
    permit ip any host 10.1.1.6
    access-list 23 permit 10.10.10.0 0.0.0.7
    no cdp run
    line con 0
     login local
    line aux 0
    line vty 0 4
     privilege level 15
     login local
     transport input telnet ssh
    end

    Can you connect throght SSH? Which is the error message that you see?
    Looking at your configuration file I don´t see the lines "enable secret" neither "enable password". If you don´t define them you can´t connect remotely to any device.

  • A problem with accessing the public variable inside the function

    Hi,
    I have got this package and I get error 1120: 1120: Access of undefined property aa
    Could you explain why I get this error?
    package somepackage {
        import flash.display.DisplayObject;
        import mx.containers.Canvas;
        public class SoundPictureSigns extends Canvas {
            public var aa:int = 12;
            public function SoundPictureSigns():void {
            public static function setUpSignSizes():void {
                trace("aa="+aa); /// ERROR here: 1120: Access of undefined property aa
    Can you help?
    Regards

    When you write
    class C
        var v;
    you are defining a variable that lives inside each instance of C. In other words, you can write code like
    var c:C = new C();
    c.v = 1;
    If you don't have an instance, you can't access v.
    When you write
    class C
        static var v;
    you are defining a variable that lives inside the class itself, and you can access it without having an instance.
    Gordon Smith
    Adobe Flex SDK Team

  • TMobile and Sony should not scam the public by selling the defective piece of junk xperia

    this phone is a total LEMON, A PIECE OF CRAP.
    Why does a company sell me a phone for $1000 (before tax) that they know does not work properly?
    This is nothing but a scam dirt-bag. company, 
    What kind of company sells you this junk, and then does not stand behind it?

    T-mobile isn't selling the Z1 yet...

  • Unable to Telnet / SSH to a particular cisco switch

    Hello,
    I have an unusual issue that I just can't seem to track down.  We have a Windows Server 2008 R2 box that is unable to telnet or ssh to one switch in our network.
    Server IP:  10.0.0.74
    Cisco Switch IP:  10.1.0.7
    I am able to access all other switches/routers on the 10.1.0.x network, but not this one.  I ping and tracert by ip address and name.
    We have a number other servers on our network and they all can access this switch
    Example:  
    a.  10.0.0.73 can telnet/ssh to 10.1.0.7
    b.  10.0.0.72  can telnet/ssh to 10.1.0.7
    c.  10.0.0.50  can telnet/ssh to 10.1.0.7
    d.  My workstation (10.0.250.213) can telnet/ssh to 10.1.0.7
    If anyone can help with troubleshooting further, I would greatly appreciate it.

    Thanks for the reply Philippe!  Here is the route print
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0         10.0.0.2        10.0.0.74    266
             10.0.0.0      255.255.0.0         On-link         10.0.0.74    266
            10.0.0.74  255.255.255.255         On-link         10.0.0.74    266
         10.0.255.255  255.255.255.255         On-link         10.0.0.74    266
            10.10.0.0      255.255.0.0         On-link         10.0.0.74    266
           10.10.0.74  255.255.255.255         On-link         10.0.0.74    266
        10.10.255.255  255.255.255.255         On-link         10.0.0.74    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         10.0.0.74    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link         10.0.0.74    266
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0         10.0.0.2  Default
    ===========================================================================
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
      1    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    Firewall is disabled and there is no active antivirus.  Im pretty sure port blocking is not the issue.  I am able to ssh and telnet from this box to every other switch/router in our network.
    This server has Solarwinds on it and tracks the health of our network (servers, routers, switches, ups, ect.).  The only reason we noticed an issue is because it stopped backing up the config for this particular switch.  All other switchs/routers
    config is backed up to this server every morning at 2:00AM.  
    With solarwinds, this server is also able to communicate with this switch via snmp / icmp and ping.
    Thanks again for the help!

  • Cannot receive mail from .Mac account on port 143

    I use my laptop at work. I used to have a 12" Powerbook G4 running OS X 10.4.3. I had no problem receiving mail from my .Mac account. Now, and all of a sudden, I can no longer receive my .Mac mail using the Mail app. The error I get is:
    The server "mail.mac.com" refused to allow a connection on port 143.
    I called AppleCare about this issue last night and they told me to perform the following steps:
    1. Choose .Mac in System Preferences and delete my username and password from the Account tab.
    2. Move com.apple.mail.plist and the Mail folder from my ~/Library folder to the desktop.
    3. Restart the Mail app and re-import the Mail folder from the desktop. I was told not to directly copy the Mail folder from the desktop into the ~/Library folder.
    4. Go back into .Mac in System Preferences and re-enter my account information.
    According to AppleCare, things should now work. But there's a little problem with this "solution." I spoke with my network admin and he told me that incoming traffic on port 143 is blocked. That being the case, I fail to see how any of the above steps will solve my problem. It seems nothing more than an issue of trying to get my network admin to open port 143 and he seems reluctant to do that.
    Any feedback would be appreciated.
    Thanks,
    Richard

    I've solved this problem. Well, actually, I didn't do anything other than:
    1) Rebooting my computer, then...
    2) Following the instructions at the top of the following thread to re-create my email accounts (I had two):
    http://discussions.apple.com/message.jspa?messageID=1598309#1598309
    Not sure what this fixed, and how I got into this issue in the first place.
    I had four or five days worth of email to come in... it took...
    ...a...
    ...long...
    ...time...
    But its looking like its working.
    A few things I tried, and although they didn't have an immediate effect to fix the connection refused problem, they might have kicked something to start something working again:
    1) Created a new 'test' user on the system, restarted, logged in as that user, and started Mail.app setting it up with .Mac settings (it was after this everything worked)
    2) Changed SSL ports in the accounts settings (no difference)
    3) Turned firewall on and off (no difference)
    4) Attempted to use Thunderbird to read .Mac email as IMAP mailbox (didn't work)
    Hope this rather obvious help helps anyone else

  • Mail Port 143 Timeout

    I'm running 10.5.5. For the last two weeks my mail app is almost unusable. I've been working with my host company and they are certain the issue is with Mac Mail. When I try to delete emails the emails wont move to the trash folder and I get a port 143 time out message that reads, "the connection to the server mail.mydomain.com on port 143 timed out." This issue is on my desktop, macbook and my wife's macbook. I would appreciate any help, or just to know that we are not alone with this problem.
    I've tried deleting all mail accounts, removing the file com.apple.mail.plist, but after all that the problem still exists. We use Comcast.
    Thanks!

    This is not a Mail issue, so don't get comfortable with that fallacy. ISPs and others always blame Apple because they only know Windoze, so they assume that every problem with a Mac must be an Apple issue. The fact that it's only been happening for two weeks is proof it's not an Apple issue. There are other causes for this problem and we haven't eliminated all of them yet.
    Try these steps:
    1. Quit Mail if it's running.
    2. Go to Home/Library/Caches/Mail and delete all the sub-folders within that one.
    3. Go to Home/Library/Mail and delete any of these files you have there:
    • LSMMap3
    • Envelope Index
    4. Restart Mail and allow it to import your existing messages; when it's done, test it to see if you can now delete messages using the default Incoming port of 143 or Port 995 with password authentication and SSL enabled. You might also try changing the default Outgoing port to 587 from whatever it is currently, again with password authentication and SSL enabled.
    If it works correctly, then your problem is resolved.
    Mulder

  • NAT support - how to obtain the public IP address?

    Hi
    I am developing an instant messenger in which users can start a conversation with another user through obtaining the IP address of the intended recipient from a mySQL database on the web server.
    This works fine within a local network. However, the address in the database upon user login is the private IP address within the LAN and not the global address - consequently my software cannot be used outside the LAN currently.
    Is it possible to use a method within the java.net library to send the public (global) address of the client to a server? And if so, how can I handle the ability to receive a reply from the server (which would arrive at the public IP the message was sent from, ie. the NAT firewall) so that it is delivered to the correct port and private IP on the client?
    Joe Barber

    If the server is on the public internet and the client is on a private network the server will see the public address and port, and can get it from a connected socket. Unfortunately if the nat box uses DHCP there is no guarantee that this will be the same next time, so persisting that value in a database is not a good idea. If both the client and server are behind nat gateways, they cannot directly establish calls. The better choice for these kind of systems is to run the server on the public internet on a well known address and have your clients connect to the server.
    You will find lots of discussion on the difficulties of nat and p2p on this forum and by looking in google.

  • Error writing the handshake string to the newly established connection. (02

    Hi
    I am having problems connecting from my Master to the Local Distributor server both on Solaris 10
    I am using ssh with ssl and select encryption, no authentication on the Master
    I was able to ssh from master to LD with prompt
    I check the path it was correct
    When I installed the LD I specified ssh
    I turn on the Debug and got the following results
    Debug from SPS Viewing Host Information
    Trace route to 10.233.12.38:70001 failed. (022167)
    Error writing the handshake string to the newly established connection. (022181)
    Connection handshake failed, invalid handshake string. Ensure that the path to the N1 Service Provisioning System application is correct, the application is configured to accept ssh connections and that you can ssh to the machine without any prompts.
    [debug1: channel 0: obuf empty, debug1: channel 0: close_write, debug1: channel 0: output drain -> closed, debug1: channel 0: almost dead, debug1: channel 0: gc: notify user, debug1: channel 0: gc: user detached, debug1: channel 0: send close, debug1: channel 0: is dead, debug1: channel 0: garbage collecting, debug1: channel_free: channel 0: client-session, nchannels 1, debug3: channel_free: status: The following connections are open:, #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1), , debug3: channel_close_fds: channel 0: r -1 w -1 e 7, debug1: fd 0 clearing O_NONBLOCK, debug1: fd 1 clearing O_NONBLOCK, debug1: fd 2 clearing O_NONBLOCK, debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds, debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0, debug1: Exit status 1](022138)
    Debug from cr_server.out
    2007-07-12 15:49:57,342 ERROR [Connection [127.0.0.1305]-[10.233.12 .38:70001]:Reader] com.raplix.rolloutexpress.net.transport.Connection$Rea
    dThread (Connection.java:515) - Exception when reading from connection in
    put:Connection [127.0.0.1:98305]-[10.233.0.38:70001]:Closing connecti
    on:
    Unable to make connection handshake using data, "0". (022195)
    Ok what am I mssing

    Hi,
    I am not quite sure where exactly you get an error. Are you trying to prepare an agent that connects to your newly installed LD?
    You did mention the following:
    I was able to ssh from master to LD with promptDo you mean you could login from the MS to the LD without password and got the OS prompt? What you have to make sure is that your ssh authentication works for the n1sps user (or whatever you have chosen during installation) from MS to LD and from LD to RA. That involves copying the public key from the MS n1sps user to the .ssh/authorized_keys files on the LD and RA. And after that, you should check the connections manually:
    1. From the MS: ssh <LD> ls -al
    2. From the MS: ssh <LD> ssh <RA> ls -al
    These both commands should work without any prompts and after that, you shouldn't get any error messages in SPS anymore.
    HTH,
    Michael

  • Separate security for both of two distinct parties - 1 the data owner - 2 the application owner

    I have written a web application in .net that runs on a shared server using Sql Server 2012. My program is only useful if I partner with certain data owners. I need to protect my program; they need to protect their data. I am assuming they at least run Sql
    Server 2008 R2. I need to interface with their database using a couple of stored procedures. I want these procedures to only be available to my application, and I want the processes and output of the stored procedures to be apparent to me and to my application
    alone. I assume they want their data to only be available to my application, not to me generally. This application needs to be available from my website, as well as from their website. I realize this question touches on areas outside of Sql Server Security
    as it reaches into basic architecture as well. Any help or pointers to help would be greatly appreciated.
    Thank you,

    That article discusses the situation in a single instance of SQL Server and is in no way applicable to a scenario where you want to set up trust between a web server and an SQL Server instance.
    There is one thing you can do with certificate, that possibly may be appliable to your situation. Say that you develop the stored procedures at your site, and then deploy them at the other site. You want to make sure that the procedures are not modified
    locally. To this end yon can sign the stored procedure with a certificate locally. When you ship the procedures, you also ship the public key of the certificate, and in the install script you use ADD SIGNATURE WITH BLOB to sign them. You take that blob from
    your home system.
    Your web application can then repeatedly check that the procedures are signed with the correct signature. It the procedure is changed locally, the signature is lost. They can re-sign it locally, but not with the certificate you shipped.
    This does not prevent other users from calling the stored procedures or look at the code. For that you need trust and contracts between humans.
    Erland Sommarskog, SQL Server MVP, [email protected]

Maybe you are looking for