Wireless Access

Reply
Occasional Contributor II
Posts: 15
Registered: ‎05-10-2013

Email services in NAT / VLAN enviroment

Hey guys Im using: ArubaOS 6.1.3.1 (Digitally Signed - Production Build)

 

We have one VLAN setup for guest access and today we are getting complaints that email clients are not working on this network. They work fine on our actual network. This VLAN is NATed back to one address on our main network and supports about 200 users. Can anyone give me an idea as to where I should start to make it work? We have both IMAP and SMTP mail servers.

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Email services in NAT / VLAN enviroment

Is this YOUR users and YOUR email server that they are trying to reach?

 

Can the users resolve the DNS name to the ip address of the email server on that VLAN?

 

If they can resolve the ip address, does your NAT and the role that the guest user ends up allow IMAP and SMTP traffic?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 15
Registered: ‎05-10-2013

Re: Email services in NAT / VLAN enviroment

Any email client that has server settings manually typed into it. Gmail, Yahoo our ISPS email server etc. All of the servers are on seperate VLANS.

 

I tried resolving IP address to hosts, and hosts to IP address, both worked fine. And showed me our DNS server.

 

Yes the ACLS allow that traffic. I even set thier role to allow all packets as a test as authenticated users get and it would not let email services sync or send. Kind of at a loss.

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Email services in NAT / VLAN enviroment

Well,

 

If the controller is doing the NAT and you have a web filter in your network, it will see all traffic as coming from the controller.  See if your web filter is seeing that traffic and if it is blocking or allowing.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 15
Registered: ‎05-10-2013

Re: Email services in NAT / VLAN enviroment

Ok this is really odd. The controller is configured the same way it was yesterday when I gave up on diagnosing this. And today its magically working just fine? 

 

I added the ports of the smtp, and imap servers since they are not the ordinary, to the network services page. Maybe that did something. But what was yesterday. Web filter is done by the same place who hosts our email server so I dont think they would filter their own ports. Also our normal network functions fine.

 

Well Im thouroghly confused haha.

 

 

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Email services in NAT / VLAN enviroment

On the command line, type "show audit-trail" on the controller to see if and when any changes were made.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎06-24-2013

Re: Email services in NAT / VLAN enviroment

Just to add a few of my own notes when I ran into this problem and finally resovled it earlier today -

 

I was having the problem between different SSID's. One public SSID was having no issues accessing emails, yet an internal SSID was unable to reach any email services outside of our internal exchange. What I determined was this:

 

Each SSID was using a different Role when connected. Each role has a different firewall policy that can be assigned. So I first had to find the missing rules and fix this issue. I added in TCP/993 into the stateful firewall at the system level, which to my understanding filtered it down to the "Authenticated" role which is set to allow all. Second, I had to set to allow TCP/993 through my corporate ASA. 

 

Only after performing both did the emails begin to flow again on this internal SSID.

Search Airheads
Showing results for 
Search instead for 
Did you mean: