Outlook 2003 web access

[wilki]

I wish to open up a specific port on my cisco pix 501 I have the follwoing access lists already.

access-list outside permit tcp any host nn.nnn.nnn.nnn eq smtp (hitcnt=73)
access-list outside permit tcp any host nn.nnn.nnn.nnn eq

http://www (hitcnt=3)

access-list inside permit tcp any any eq

http://www (hitcnt=2217)

access-list inside permit tcp any any eq https (hitcnt=72)
access-list inside permit udp any any eq domain (hitcnt=4517)
access-list inside permit tcp any any eq smtp (hitcnt=48)
access-list inside permit tcp any any eq ftp (hitcnt=4)
access-list inside permit udp any any eq ntp (hitcnt=80)

I have tried adding the following lines to open the port
access-list outside permit tcp any any eq PORT-NO
access-list outside permit udp any any eq PORT-NO
(Where PORT-NO is the port I want to open).

But this port still seems to be unavailable.

Do I need to do a fixup command for the port or do I need to allow the port on the inside interface also (i think not as traffic is not blocked as standard on an outgoing basis.

Thanks,

Matt

 

[thule]

Use the fixup command if the port you wish to open is associated with a common protocol already, http is common in this instance.

 

[chicocouk]

You need a static translation mapping the external address of the pix to the internal mail server's ip. At the moment all you're doing is saying traffic is allowed on a certain port. You're not saying what should happen to the traffic once it hits your external interface. So nothing happens to it.

You do not need a fixup statement.

You'll find that your nn.nn.nn.nn ip address is a public ip address, and in your config you will also have a command that begins "static" that maps that ip address to an internal host. Copy the format of that command.

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP

 

[Hylsan]

Hi
Im aso having trouble with OWA(for outlook2000).
My config is;
-------------------------------------------
IX Version 5.2(6)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password XXX encrypted
passwd XXX encrypted
hostname cortecpix
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocolnet 1521
fixup protocol sip 5060
names
access-list outside permit tcp any any eq PO_NUM
access-list outside permit udp any any eq PO_NUM
access-list outside permit icmp any any
pager lines 24
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside 213.X.X.168 255.255.255.224
ip address inside 192.X.X.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 213.X.X.169
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 213.X.X.170 192.X.X.1 netmask 255.255.255.255 0 0
conduit permit tcp host 213.X.X.170 eq smtp any
route outside 0.0.0.0 0.0.0.0 213.X.X.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
isakmp identity hostname
telnet timeout 5
ssh timeout 5
terminal width 80
-----------------------------------------------


NO_NUM = the port I want to open

I have no problem accessing internet, but I cant access my OWA. Server is 192.X.X.1 and outside is a DSL-modem.

Thanks in advance
/Hylsan