Connecting to Barracuda

Home Forums Networking Cisco Security – PIX/ASA/VPN Connecting to Barracuda

This topic contains 2 replies, has 3 voices, and was last updated by Avatar newITgirl 4 years, 2 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
  • Avatar


    I am trying to connect both inbound and outbound email from the Barracuda Email Security System to my Exchange 2010 server. Currently my Cisco 515 PIX has these two rules, which I believe are allowing mail in and out:

    XXX.XXX.XX.XX is the public IP for my Exchange server.

    access-list BORDER35 permit tcp any host XXX.XXX.XX.XX eq smtp

    static (inside,outside) tcp XXX.XXX.XX.XX smtp Exchange Server NAME smtp netmask 0 0

    access-list SMTP-OUT-I permit tcp host Exchange Server NAME any eq smtp

    I have no problem sending or receiving email.

    When I attempt to change the first rule to the following:

    access-list BORDER35 permit tcp eq smtp host XXX.XXX.XX.XX eq smtp

    I cannot receive email sent from an external email account. When I go into Barracuda, it shows the email there, with this message:

    Recipients Action Reason Delivery Status
    Email Address Allowed Spooled (XXX.XXX.XX.XX:451 No response to HELO/EHLO)

    I also cannot do a telnet to the outbound server: telnet 25.

    So my questions are, 1. What rules do I need (or revisions of the ones I have) in order to send and receive from Barracuda. 2. How do I open port 25 so I can telnet to the outbound server?

    I realize these maybe Cisco 101 questions, and I have researched this on the web, but I am getting nowhere at present. I appreciate any help.


    Answer for Q1, see your prior thread regarding access-lists. Answer for Q2: port 25 is opened with the access-list destined for their smtp server. As long as you specify port 25 on your telnet command, and the ACL is entered and assigned to the external interface, you should get some sort of response. But then again, the ACL examples I gave in the other thread assume all traffic is starting / ending with your internal mail server. If you try to telnet via port 25 from your workstation, it won’t match that mail rule because your source IP won’t match.


    Thanks for the help.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.