how can i access web mail through vpn client?

  • eitsubashkumars
    New Member
    • Nov 2010
    • 2

    I have configured a remote access VPN with a local pool on the ASA firewall. After connecting to the VPN I can access all the resources (my private network, such as servers) through the ASA firewall, but I can't reach the mail server through webmail (ports like 80). Please check the configs.


    Code:
    PuTTY log 2010.10.13 13:11:53 
    
    
    User Access Verification
    
    Password: 
    Type help or '?' for a list of available commands.
    
    IFASA> en
    Password: **************
    
    IFASA# sh run
    : Saved
    :
    ASA Version 7.1(2) 
    !
    hostname IFASA
    domain-name default.domain.invalid
    enable password 8pkSRCt/lliZt3SZ encrypted
    names
    !
    interface Ethernet0/0
     description "Connected with internet router on port F0/0"
     nameif outside
     security-level 0
     ip address 100.100.100.2 255.255.255.0 
    !
    interface Ethernet0/1
     description "Connected with Core switch on port G0/1"
     nameif inside
     security-level 100
     ip address 10.10.20.1 255.255.255.0 
    !
    interface Ethernet0/2
     nameif dmz
     security-level 50
     ip address 10.10.30.1 255.255.255.0 
    <--- More --->
                  
    !
    interface Management0/0
     description ##Management Port####
     nameif mgm
     security-level 90
     no ip address
     management-only
    !
    passwd 8pkSRCt/lliZt3SZ encrypted
    ftp mode passive
    dns server-group DefaultDNS
     domain-name default.domain.invalid
    access-list outside_access_in extended permit icmp any any echo-reply 
    access-list outside_access_in extended permit icmp any any source-quench 
    access-list outside_access_in extended permit icmp any any unreachable 
    access-list outside_access_in extended permit icmp any any time-exceeded 
    access-list inside_nat0_outbound extended permit ip any 172.16.1.0 255.255.255.240 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.3.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 193.99.1.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 193.99.4.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 195.124.13.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.202.144.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 10.200.54.135 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.112.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.0.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.0.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.0.0.0 255.0.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.21.0.0 255.255.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.0.0 255.255.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.0.0 255.255.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.220.90.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.64.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.75.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 144.145.75.196 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.129.0.0 255.255.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 10.102.18.142 
    access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.102.0.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.0.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 172.29.0.0 255.255.0.0 
    access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 host 172.29.4.93 
    access-list inside_nat0_outbound extended permit ip 192.0.0.0 255.0.0.0 172.0.0.0 255.0.0.0 
    access-list inside_nat0_outbound extended permit ip 172.29.4.0 255.255.255.0 192.168.100.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip host 10.200.96.132 192.168.100.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip host 192.168.100.65 host 10.200.96.132 
    access-list inside_nat0_outbound extended permit ip 192.0.0.0 255.0.0.0 host 10.200.96.132 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.192 172.16.1.0 255.255.255.240 
    access-list inside_nat0_outbound extended permit ip 192.168.100.64 255.255.255.192 172.16.1.0 255.255.255.240 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.255.255.0 
    access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.192 182.16.1.0 255.255.255.240 
    access-list inside_nat0_outbound extended permit ip 192.168.100.64 255.255.255.192 182.16.1.0 255.255.255.240 
    access-list inside_nat0_outbound extended permit ip any 182.16.1.0 255.255.255.240 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 192.168.3.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 193.99.1.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 193.99.4.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 195.124.13.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.202.144.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 host 10.200.54.135 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.145.112.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.129.0.0 255.255.0.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.145.0.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.21.0.0 255.255.0.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.220.90.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.145.75.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.0.0.0 255.0.0.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 host 10.220.90.38 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.200.105.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.0.0.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 host 10.102.18.42 
    access-list outside_cryptomap_20 extended permit ip 172.29.4.0 255.255.255.0 192.168.100.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.29.3.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.29.4.0 255.255.255.0 
    access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.200.112.0 255.255.255.0 
    access-list test extended permit ip host 10.10.20.101 host 4.2.2.2 
    access-list test extended permit ip host 4.2.2.2 host 10.10.20.101 
    access-list test extended permit ip host 100.100.100.3 host 4.2.2.2 
    access-list test extended permit ip host 4.2.2.2 host 100.100.100.3 
    access-list test extended permit ip host 10.10.20.101 host 66.102.13.104 
    access-list test extended permit ip host 66.102.13.104 host 10.10.20.101 
    access-list test extended permit ip host 100.100.100.3 host 66.102.13.104 
    access-list test extended permit ip host 66.102.13.104 host 100.100.100.3 
    access-list test extended permit ip host 100.100.100.1 host 66.102.13.104 
    access-list test extended permit ip host 66.102.13.104 host 100.100.100.1 
    access-list idea_splitTunnelAcl standard permit any 
    access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.220.90.0 255.255.255.0 
    access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 10.102.18.142 
    access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.102.18.0 255.255.255.0 
    access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.102.0.0 255.255.255.0 
    access-list dmz_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.102.0.0 255.255.255.0 
    access-list dmz_nat0_outbound extended permit ip 192.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0 
    access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.0.0 255.255.0.0 
    access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.4.0 255.255.255.0 
    access-list dmz_nat0_outbound extended permit ip host 10.200.96.132 192.168.0.0 255.255.0.0 
    access-list unity_splitTunnelAcl standard permit 192.168.104.0 255.255.255.0 
    access-list unity_splitTunnelAcl standard permit host 192.168.100.67 
    access-list unity_splitTunnelAcl standard permit host 192.168.100.70 
    access-list unity_splitTunnelAcl standard permit host 192.168.100.71 
    access-list inside_access_in extended permit ip any any 
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    mtu mgm 1500
    ip local pool ifdhcp 172.16.1.1-172.16.1.10 mask 255.255.255.0
    ip local pool nexttoidea 182.16.1.1-182.16.1.10 mask 255.255.255.0
    ip local pool ideavpnpool 172.28.1.100-172.28.1.199 mask 255.255.255.0
    asdm image disk0:/asdm.bin
    asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 100.100.100.3
    global (outside) 2 100.100.100.4
    global (outside) 3 100.100.100.5
    global (outside) 5 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 5 10.10.20.100 255.255.255.255
    nat (inside) 5 192.168.100.0 255.255.255.192
    nat (inside) 5 192.168.100.64 255.255.255.192
    nat (inside) 5 192.168.103.0 255.255.255.0
    nat (inside) 5 192.168.104.0 255.255.255.0
    nat (dmz) 0 access-list dmz_nat0_outbound
    nat (dmz) 5 10.10.30.0 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 100.100.100.1 1
    route inside 192.168.103.0 255.255.255.0 10.10.20.2 1
    route inside 192.168.100.64 255.255.255.192 10.10.20.2 1
    route inside 192.168.100.0 255.255.255.192 10.10.20.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    group-policy unity internal
    group-policy unity attributes
     wins-server value 192.168.100.5
     dns-server value 203.196.128.4 192.168.100.5
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value unity_splitTunnelAcl
     default-domain value confidign
    group-policy nexttoideavpn internal
    group-policy nexttoideavpn attributes
    dns-server value 203.196.128.4 192.168.100.5
     vpn-tunnel-protocol IPSec 
     default-domain value confidign
    group-policy nextgenvpn internal
    group-policy nextgenvpn attributes
     dns-server value 203.196.128.4 192.168.100.5
     vpn-tunnel-protocol IPSec 
     default-domain value confidign
    group-policy idea internal
    group-policy idea attributes
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value idea_splitTunnelAcl
    username testasa password xz64BOi0/q9vNlsO encrypted
    username BalamuruganJ password bC0quptZGNndczai encrypted privilege 0
    username BalamuruganJ attributes
     vpn-group-policy unity
    username spice password eLlcIWZLnszxmfPc encrypted
    username remotevpn password 19ozm5I0mkO2G1Fj encrypted
    username karthik password spKyg06wKqb2qpG2 encrypted
    username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
    username MadhavanG password TG5ToGaURcla8SES encrypted privilege 0
    username MadhavanG attributes
     vpn-group-policy unity
    username idea1 password Cxl84giZLtfZKg8T encrypted
    username igidel password drlk5lzEa04hxmFa encrypted privilege 0
    username igidel attributes
     vpn-group-policy idea
    aaa authentication ssh console LOCAL 
    aaa authentication http console LOCAL 
    http server enable
    http 0.0.0.0 0.0.0.0 outside
    http 192.168.100.0 255.255.255.0 inside
    http 192.168.101.0 255.255.255.0 inside
    http 192.168.102.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 inside
    http 192.168.100.0 255.255.255.192 inside
    http 10.10.20.1 255.255.255.255 inside
    http 192.168.100.100 255.255.255.255 inside
    http 192.168.200.0 255.255.255.0 mgm
    http 192.168.100.0 255.255.255.0 mgm
    snmp-server host inside 192.168.100.74 community gqmaps
    no snmp-server location
    no snmp-server contact
    snmp-server community gqmaps
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps syslog
    sysopt noproxyarp outside
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 288000
    crypto dynamic-map Outside_dyn_map 10 set reverse-route
    crypto dynamic-map Outside_dyn_map 40 set reverse-route
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set peer 193.96.192.33 
    crypto map outside_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto map Outside_map 40 ipsec-isakmp dynamic Outside_dyn_map
    isakmp identity address 
    isakmp enable outside
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash sha
    isakmp policy 1 group 2
    isakmp policy 1 lifetime 43200
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash sha
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 28800
    isakmp nat-traversal  20
    tunnel-group 193.96.192.33 type ipsec-l2l
    tunnel-group 193.96.192.33 ipsec-attributes
     pre-shared-key *
    tunnel-group idea type ipsec-ra
    tunnel-group idea general-attributes
     address-pool ifdhcp
    tunnel-group idea ipsec-attributes
     pre-shared-key *
    tunnel-group nexttoideavpn type ipsec-ra
    tunnel-group nexttoideavpn general-attributes
     address-pool nexttoidea
     default-group-policy nexttoideavpn
    tunnel-group nexttoideavpn ipsec-attributes
     pre-shared-key *
    tunnel-group nextgenvpn type ipsec-ra
    tunnel-group nextgenvpn general-attributes
     address-pool ideavpnpool
     default-group-policy nextgenvpn
    tunnel-group nextgenvpn ipsec-attributes
     pre-shared-key *
    telnet 0.0.0.0 0.0.0.0 outside
    telnet 192.168.100.0 255.255.255.0 inside
    telnet 10.10.20.0 255.255.255.0 inside
    telnet 0.0.0.0 0.0.0.0 inside
    telnet 192.168.100.0 255.255.255.192 inside
    telnet 128.136.100.100 155.155.255.255 inside
    telnet 128.136.100.0 155.155.255.0 inside
    telnet 192.136.100.0 255.155.255.0 inside
    telnet 192.168.100.64 255.255.255.192 inside
    telnet 192.168.100.100 255.255.255.255 inside
    telnet timeout 60
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 192.168.100.0 255.255.255.0 inside
    ssh 192.168.101.0 255.255.255.0 inside
    ssh 192.168.102.0 255.255.255.0 inside
    ssh 192.168.103.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map global_policy
     class inspection_default
      inspect dns maximum-length 51
      inspect ftp 
      inspect h323 h225 
      inspect h323 ras 
      inspect netbios 
      inspect rsh 
      inspect rtsp 
      inspect skinny 
      inspect esmtp 
      inspect sqlnet 
      inspect sunrpc 
      inspect tftp 
      inspect sip 
      inspect xdmcp 
      inspect icmp 
    !
    service-policy global_policy global
    Cryptochecksum:b5ff87410a5ca4bacd9ac2fbddf91aa8
    : end
    
    IFASA#   
    IFASA#

    Please help me. I really appreciate it!
    Last edited by Niheel; Nov 19 '10, 05:25 PM.
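    A running config this long is hard to reason about by eye. As an added example (not posted by anyone in the thread), the script below extracts the `ip local pool` ranges and the `nat (iface) 0 access-list` exemption entries from ASA 7.x syntax like the paste above and reports, for each VPN pool, which inside source networks are exempt from NAT when they talk to addresses in that pool. `SAMPLE_CONFIG` is a constructed fragment that reuses pool names and ranges from the post; the parsing handles the `any`, `host A` and `NET MASK` endpoint forms the config uses.

```python
"""Check which remote-access VPN pools a 'nat 0 access-list' exemption covers.
Added example; parses the ASA 7.x syntax seen in the posted running config."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few lines modelled on the posted config (pool names and
# ranges taken from it), trimmed to what this check needs.
SAMPLE_CONFIG = """
access-list inside_nat0_outbound extended permit ip any 172.16.1.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.192 182.16.1.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.0.0.0 255.0.0.0 172.0.0.0 255.0.0.0
ip local pool ifdhcp 172.16.1.1-172.16.1.10 mask 255.255.255.0
ip local pool nexttoidea 182.16.1.1-182.16.1.10 mask 255.255.255.0
ip local pool ideavpnpool 172.28.1.100-172.28.1.199 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+) mask")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")

def parse_endpoint(tokens):
    """Consume one ACE endpoint (any | host A | NET MASK); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_config(text):
    """Return pools {name: (first, last)}, nat0 {iface: acl}, aces {acl: [(src, dst)]}."""
    pools, nat0, aces = {}, {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if m := POOL_RE.match(line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := NAT0_RE.match(line):
            nat0[m[1]] = m[2]
        elif m := ACE_RE.match(line):
            src, rest = parse_endpoint(m[2].split())
            dst, _ = parse_endpoint(rest)
            aces[m[1]].append((src, dst))
    return pools, nat0, aces

def pool_coverage(text):
    """For each (interface, pool): source networks whose traffic to the whole
    pool range is NAT-exempt. An empty list means no exemption entry matches."""
    pools, nat0, aces = parse_config(text)
    result = {}
    for iface, acl in nat0.items():
        for name, (first, last) in pools.items():
            srcs = [str(s) for s, d in aces[acl] if first in d and last in d]
            result[(iface, name)] = srcs
    return result

if __name__ == "__main__":
    for (iface, pool), srcs in pool_coverage(SAMPLE_CONFIG).items():
        print(f"nat ({iface}) 0 / pool {pool}: exempt sources = {srcs or 'NONE'}")
```

    Run against a full `show run` the same way; a pool whose only exempt sources are narrower than the servers' subnet, or that has none, is the first place to look when VPN clients reach some inside hosts but not others.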
  • sicarie
    Recognized Expert Specialist
    • Nov 2006
    • 4677

    #2
    That's a huge ruleset, so I'm not going to be able to go through it line-by-line or apply it to a personal device to test.

    I would recommend finding the line that allows access to your mail port, and disabling all the others, then testing your mail access. If that doesn't work, the rule is incorrect. If that does work, another rule is overriding that rule, and you should re-enable them one at a time until you find the one that's causing the issue.

    Good luck!


    • eitsubashkumars
      New Member
      • Nov 2010
      • 2

      #3
      Hi sicarie.

      Thanks for your response.

      Shall I put in these commands?

      Code:
      access-list WEB permit tcp 182.16.1.0 255.255.255.240 192.168.100.0 255.255.255.0 eq 80
      access-list TELNET permit tcp 182.16.1.0 255.255.255.240 192.168.100.0 255.255.255.0 eq 23
      access-list smtp permit tcp 182.16.1.0 255.255.255.240 192.168.100.0 255.255.255.0 eq 25
      access-list pop3 permit tcp 182.16.1.0 255.255.255.240 192.168.100.0 255.255.255.0 eq 110

      Please advise me.
      Last edited by Niheel; Nov 19 '10, 05:25 PM.
