Allow traffic on port 143

ncolsgk

IS-IT--Management
Apr 2, 2007
98
US
I need to open IMAP traffic (port 143) to hit our internal Exchange box (192.168.1.9). IMAP is an IP protocol, so I'm unsure of the syntax, but this is what I have so far:

access-list 199 permit ip any host 192.168.1.9 eq 143
 
Actually, you want tcp, not ip. Is this your only access list? You are limited in how many ACLs you can apply, and in which direction, on the same interface, so please post a show run, and perhaps I can help add the statement to an existing ACL in your config that is already applied to an interface. Also, please tell what kind of router you have, or at least which interface and direction the ACL is to be applied. Also, omit obvious public IP addresses and passwords (use "x"'s).

Burt
 
No, that is not my only ACL. Router is 2821 using IOS firewall. Config is below:

Code:
interface GigabitEthernet0/1
 ip address XX.XX.XX.XX 255.255.255.252 secondary
 ip address XX.XX.XX.XX 255.255.255.224
 ip access-group 199 in
 ip nat outside
 ip inspect XXX in
 ip virtual-reassembly
 duplex full
 speed 10
 crypto map XXXXXX


access-list 100 deny   ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 100 deny   ip 192.168.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 100 deny   ip 10.10.10.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 100 deny   ip 10.10.20.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 100 deny   ip 10.10.11.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 10.10.11.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 101 permit ip 10.10.20.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 101 permit ip 10.10.11.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 150 deny   ip host 192.168.1.9 192.168.1.0 0.0.0.255
access-list 150 deny   ip host 192.168.1.9 192.168.2.0 0.0.0.255
access-list 150 deny   ip host 192.168.1.9 192.168.50.0 0.0.0.255
access-list 150 permit ip host 192.168.1.9 any
access-list 160 permit ip host 192.168.1.9 192.168.50.0 0.0.0.255
access-list 170 permit tcp host 192.168.1.6 any eq smtp
access-list 170 permit udp host 192.168.1.6 any eq domain
access-list 170 permit tcp host 192.168.1.6 any eq domain
access-list 170 permit tcp host 192.168.1.6 any eq 443
access-list 170 permit tcp host 192.168.1.6 any eq www
access-list 170 permit udp host 192.168.1.6 any eq ntp
access-list 170 deny   ip host 192.168.1.6 any
access-list 170 permit ip any any
access-list 199 permit esp any any
access-list 199 permit tcp any any eq 10000
access-list 199 permit udp any any eq isakmp
access-list 199 permit udp any any eq non500-isakmp
access-list 199 permit tcp any host XX.XX.XX.XX eq smtp
access-list 199 permit tcp any host XX.XX.XX.XX eq pop3
access-list 199 permit tcp any host XX.XX.XX.XX eq www
access-list 199 permit tcp any host XX.XX.XX.XX eq 443
access-list 199 permit tcp any host XX.XX.XX.XX eq 22
access-list 199 permit tcp any host XX.XX.XX.XX eq www
access-list 199 permit tcp any host XX.XX.XX.XX eq 443
access-list 199 permit tcp any host XX.XX.XX.XX eq www
access-list 199 permit tcp any host XX.XX.XX.XX eq ftp
access-list 199 permit tcp any host XX.XX.XX.XX eq ftp-data
access-list 199 permit icmp any XX.XX.XX.XX 0.0.0.31 echo-reply
access-list 199 permit icmp any XX.XX.XX.XX 0.0.0.31 traceroute
access-list 199 permit icmp any XX.XX.XX.XX 0.0.0.31 time-exceeded
access-list 199 permit icmp any XX.XX.XX.XX 0.0.0.31 unreachable
access-list 199 permit tcp host XX.XX.XX.XX host 67.90.82.99 eq 389
access-list 199 permit ip 192.168.50.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 199 permit ip 192.168.50.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 199 permit ip 192.168.50.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 199 permit ip 192.168.50.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 199 permit ip 192.168.50.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 199 permit udp any any eq tftp
access-list 199 permit tcp any any eq 2000
access-list 199 permit udp any any range 16384 32768
 
So, would it be a simple:

access-list 199 permit tcp any any eq 143
 
any any would allow port 143 access to everything behind your firewall.

access-list 199 permit tcp any host 192.168.1.9 eq 143
would lock it down to your specific host.

I'm not sure what IOS you're using, so it would be good to copy the access-list to Notepad before doing this and then check it right after you enter it to make sure the access-list is still intact.
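
An added example, not part of any post in this thread: a small Python check for the two mistakes discussed above, a port match on an `ip` entry and an `any any` permit carrying a port. The function names are hypothetical, and the parser assumes numbered extended ACL lines of the shape shown in the posted config.

```python
import re

# One numbered ACL entry as printed by "show run".
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
PORT_OPS = {"eq", "neq", "gt", "lt", "range"}

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[:1] == ["any"]:
        return "any", tokens[1:]
    if tokens[:1] == ["host"] and len(tokens) >= 2:
        return "host " + tokens[1], tokens[2:]
    if len(tokens) >= 2:
        return " ".join(tokens[:2]), tokens[2:]
    return None, tokens

def take_port(tokens):
    """Consume an optional port match; return (present, remaining tokens)."""
    if tokens and tokens[0] in PORT_OPS:
        return True, tokens[3:] if tokens[0] == "range" else tokens[2:]
    return False, tokens

def audit(line):
    """Return findings for one ACL line; an empty list means nothing flagged."""
    m = ACL_RE.match(line.strip())
    if not m:
        return ["not a numbered access-list entry"]
    _, action, proto, rest = m.groups()
    src, tokens = take_addr(rest.split())
    src_port, tokens = take_port(tokens)
    dst, tokens = take_addr(tokens)
    dst_port, tokens = take_port(tokens)
    findings = []
    if (src_port or dst_port) and proto not in ("tcp", "udp"):
        findings.append("port match requires tcp or udp, not " + proto)
    if action == "permit" and dst_port and src == "any" and dst == "any":
        findings.append("port is open to every destination, not one host")
    return findings

def audit_config(text):
    """Map each flagged line of a config excerpt to its findings."""
    lines = [l.strip() for l in text.splitlines() if l.strip().startswith("access-list")]
    return {l: audit(l) for l in lines if audit(l)}

# Lines quoted from the thread above.
SAMPLE = """
access-list 199 permit ip any host 192.168.1.9 eq 143
access-list 199 permit tcp any any eq 143
access-list 199 permit tcp any host 192.168.1.9 eq 143
access-list 199 permit esp any any
"""
```

Running `audit_config` over the full ACL 199 posted earlier also flags its existing `any any` port entries, such as the one for port 10000.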

 
Thanks, I have it open, now I need to find out why these damn iPhones won't connect through IMAP.
 