106019: IP packet from 172.16.0.39 to 212.214.136.27, protocol 17received from interface “inside” deny by access-group “acl_out”
From this output you can clearly see that host 172.16.0.39 is trying to
access a foreign IP address on port 17. After checking to which service
port 17 corresponds, you find that the user is trying use an application
that gives “Quote of the day” messages.
Q: My organization uses Microsoft Exchange server for our mail. How
would I allow our Exchange server to receive external mail if the server
is located on the inside network and a PIX firewall is in place?
A: Since the server is physically located on the inside network, a static
translation will need to be created to assign the Exchange server a
global IP address. Once the translation has been created, use ACLs to
limit to the type of traffic able to reach the server; in other words,
SMTP. For example, the Exchange server’s internal IP address is
Bạn đang xem 106019: - Syngress Managing Cisco Network Security