Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Email services in NAT / VLAN environment

  • 1.  Email services in NAT / VLAN environment

    Posted May 10, 2013 11:45 AM

    Hey guys, I'm using: ArubaOS 6.1.3.1 (Digitally Signed - Production Build)

    We have one VLAN set up for guest access and today we are getting complaints that email clients are not working on this network. They work fine on our actual network. This VLAN is NATed back to one address on our main network and supports about 200 users. Can anyone give me an idea as to where I should start to make it work? We have both IMAP and SMTP mail servers.



  • 2.  RE: Email services in NAT / VLAN environment

    EMPLOYEE
    Posted May 10, 2013 02:00 PM

    Is this YOUR users and YOUR email server that they are trying to reach?

    Can the users resolve the DNS name to the IP address of the email server on that VLAN?

    If they can resolve the IP address, do your NAT and the role that the guest user ends up in allow IMAP and SMTP traffic?



  • 3.  RE: Email services in NAT / VLAN environment

    Posted May 10, 2013 02:20 PM

    Any email client that has server settings manually typed into it. Gmail, Yahoo, our ISP's email server, etc. All of the servers are on separate VLANs.

    I tried resolving IP addresses to hosts, and hosts to IP addresses; both worked fine and showed me our DNS server.

    Yes, the ACLs allow that traffic. I even set their role to allow all packets as a test, as authenticated users get, and it would not let email services sync or send. Kind of at a loss.



  • 4.  RE: Email services in NAT / VLAN environment

    EMPLOYEE
    Posted May 10, 2013 02:23 PM

    Well,

    If the controller is doing the NAT and you have a web filter in your network, it will see all traffic as coming from the controller. See if your web filter is seeing that traffic and if it is blocking or allowing.



  • 5.  RE: Email services in NAT / VLAN environment

    Posted May 10, 2013 02:30 PM

    OK, this is really odd. The controller is configured the same way it was yesterday when I gave up on diagnosing this. And today it's magically working just fine?

    I added the ports of the SMTP and IMAP servers, since they are not the ordinary ones, to the network services page. Maybe that did something. But that was yesterday. Web filter is done by the same place who hosts our email server, so I don't think they would filter their own ports. Also, our normal network functions fine.

    Well, I'm thoroughly confused haha.



  • 6.  RE: Email services in NAT / VLAN environment

    EMPLOYEE
    Posted May 10, 2013 02:32 PM

    On the command line, type "show audit-trail" on the controller to see if and when any changes were made.



  • 7.  RE: Email services in NAT / VLAN environment

    Posted Aug 27, 2013 12:39 PM

    Just to add a few of my own notes from when I ran into this problem and finally resolved it earlier today:

    I was having the problem between different SSIDs. One public SSID was having no issues accessing emails, yet an internal SSID was unable to reach any email services outside of our internal exchange. What I determined was this:

    Each SSID was using a different Role when connected. Each role has a different firewall policy that can be assigned. So I first had to find the missing rules and fix this issue. I added TCP/993 into the stateful firewall at the system level, which to my understanding filtered it down to the "Authenticated" role which is set to allow all. Second, I had to allow TCP/993 through my corporate ASA.


    Only after performing both did the emails begin to flow again on this internal SSID.
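
Added example (not part of the thread and not any poster's or Aruba's code): a small Python probe for localizing the kind of failure discussed above, run once from a client on the affected SSID or VLAN and once from a working one. It separates a DNS failure, a silent drop (typical of a role policy or upstream firewall such as the ASA mentioned in post 7) and an active refusal; the port table holds the standard mail ports as an assumption, so supply your own mapping if your servers use non-standard ports as in post 5.

```python
import socket
import sys

# Standard mail ports. The thread's servers use non-standard ports,
# so pass your own mapping to survey() in that case.
MAIL_PORTS = {"smtp": 25, "submission": 587, "smtps": 465,
              "imap": 143, "imaps": 993}


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port.

    open        - handshake completed; the path permits this port
    refused     - RST came back; host reachable, nothing listening
                  (or a device on the path actively rejects)
    filtered    - no answer before the timeout; typical of a firewall
                  or role policy silently dropping the SYN
    dns-failure - name did not resolve from this network
    unreachable - any other network error (no route, ICMP unreachable)
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "unreachable"
    return "open"


def survey(host, ports=None, timeout=3.0):
    """Probe every named port and return {service_name: state}."""
    ports = MAIL_PORTS if ports is None else ports
    return {name: probe(host, port, timeout) for name, port in ports.items()}


if __name__ == "__main__":
    # Usage: python mailprobe.py <mail-server-name>
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for name, state in survey(target).items():
        print(f"{name:<11} {MAIL_PORTS[name]:>4}  {state}")
```

A port that reports `open` from the working network but `filtered` from the affected one points at the role's firewall policy or a device further upstream, which is where the `show audit-trail` check and the firewall rule review in the posts above come in.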