Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ACL freezes MS outlook client communication

Status
Not open for further replies.
avputnam

avputnam

IS-IT--Management
Oct 23, 2003
93
US

I have applied ACL to one of the vlans that permits http, https, rdp to some servers, telnet to some server. The ACL ends with deny ip any to any log

I noticed that after i implemented the ACL, the clients in that vlan started having MS outlook freezing issues. The outlook will open but as soon as you click send/receive button, it would freeze. i know it is ACL related because when i take ACL off, everything goes back to normal.

I have these lines
permit ip any host 1.1.1.1 (1.1.1.1 be my exchnage server)
permit udp any host 1.1.1.1

But is still freezes the outlook functionality.

what protocols and ports do i need to open to stop this issue?

Thank you,
 
Sort by date Sort by votes
here is the access list

10 permit udp any any eq bootps (20 matches)
20 permit tcp 192.168.10.0 0.0.0.255 host 1.1.1.1 eq 3389
30 permit tcp 192.168.10 0.0.0.255 host 1.2.1.1 eq 3389
40 deny tcp 192.168.10.0 0.0.0.255 1.1.1.1 0.0.255.255 eq 3389
50 permit ip 192.168.10.0 0.0.0.255 1.1.1.1 0.0.0.255
60 permit udp 192.168.10.0 0.0.0.255 1.1.1.1 0.0.0.255
70 permit tcp 192.168.10.0 0.0.0.255 1.1.1.1 0.0.0.255
75 permit tcp any host 10.10.10.10 eq telnet
80 permit ip 192.168.10.0 0.0.0.255 host 1.1.1.1
90 permit ip 192.168.10.0 0.0.0.255 1.1.1.1 0.0.0.255
100 permit ip 192.168.10.0 0.0.0.255 host 1.1.1.1
110 permit ip 192.168.10.0 0.0.0.255 host 1.1.1.1
120 permit ip 192.168.10.0 0.0.0.255 host 1.1.1.1
130 permit ip 192.168.10.0 0.0.0.255 1.1.1.1 0.0.0.255
140 permit ip 192.168.10.0 0.0.0.255 1.1.1.1 0.0.0.255
150 permit tcp 192.168.10.0 0.0.0.255 host 1.1.1.1
160 permit tcp any any eq www
170 permit tcp any any eq 443
180 deny ip any any log (119947 matches)

I have already tried
permit tcp any host 1.1.1.1 eq smtp

but it is still freezing
 
Upvote 0 Downvote
Do you use secure sockets for smtp (ie port 995 and/or 2525)?

Burt
 
Upvote 0 Downvote
Burt,

I am not sure if we do. Our smtp gateway is located in the other state and then we have local exchange server that uses the remote smtp to send/receive external emails.
 
Upvote 0 Downvote
Burt,

i fixed the problem. While i was writing the reply above, i dawned on me that i did not allow tcp access to the smtp gateway.

Thank you
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
272
burtsbees
burtsbees
acabezas2014
  • Locked
  • Question
Create ACL for ip range
Replies
2
Views
249
acabezas2014
acabezas2014
thad100g
  • Locked
  • Question
Can connect using Cisco VPN Client but cannot connect to statically mapped
Replies
0
Views
161
thad100g
thad100g
disturbedone
  • Locked
  • Question
CNA shows device as "Wireless Client" when it's not
Replies
0
Views
133
disturbedone
disturbedone
hunt3rxhunt3r
  • Locked
  • Question
ACL to allow address range access to internal address range behind dynamic nat ip
Replies
0
Views
169
hunt3rxhunt3r
hunt3rxhunt3r

Part and Inventory Search

Sponsor

Back
Top