10-30-2007 06:40 AM - edited 03-03-2019 05:33 AM
Hi,
I would access my mail server from outside my lan.
I had configure follow instructions, but i still not having access to my mail server by my mail client from outside of lan.
Could anybody help me?
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname mtech_lab_dti_csco
!
boot-start-marker
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
!
aaa session-id common
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.248 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 41.x.x.253 255.255.254.0
ip nat outside
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.0.6 110 41.223.40.253 110 extendable
ip nat inside source static tcp 192.168.0.6 25 41.223.40.253 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 41.223.40.1
FastEthernet0/0
ip http server
!
access-list 1 permit any
!
line con 0
line aux 0
line vty 0 4
transport input telnet
!
!
!
end
10-30-2007 07:07 AM
I cannot see anything wrong with that. Have you tried:
access-list 6 192.168.0.6
debug ip nat 6
?
Kevin Dorrell
Luxembourg
11-01-2007 09:54 AM
Hi Kevin,
I tried this, but did not work.
what can be happening?
Antonio
11-01-2007 11:07 AM
Antonio, that wasn't supposed to solve the problem. It was supposed to let you see what is going on so we can debug it. Did you get any debug output from it? If so, could you post it please?
Kevin Dorrell
Luxembourg
11-05-2007 07:59 AM
Hi Kevin,
when a put this line :
- access-list 6 192.168.0.6
router returns follow error
- % Invalid input detected at '^' marker.
Could you review the code that you sent to me ?
Att
AB
11-05-2007 08:15 AM
Sorry,
access-list 6 permit 192.168.0.6
11-05-2007 08:23 AM
Hi Antonio.
your existing configuration should be OK.I wanna ask you questions.
-Are you using 255.255.254.0 for the fastethernet 0/1?
-Are you using POP3 for getting mails from the outside?
-Can you perfectly use mail clients from inside?
-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.
-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.
IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.
Hopes this helps
Thot
11-05-2007 08:42 AM
Hi thot, follow my answers :
-Are you using 255.255.254.0 for the fastethernet 0/1?
Yes, is a subnet range of our outside Network.
-Are you using POP3 for getting mails from the outside?
Yes, our mail server is in our inside network
-Can you perfectly use mail clients from inside?
Yes, no problem
-To make sure that you use the name for referencing the mail server in your mail client configuration. Lets say mailtest.xxxx.com.
I'm putting direct ip address in my mail client
41.223.40.253:110
41.223.40.253:25
-To make sure that you can resolve mailtest.xxxx.com from the internet to 41.223.40.253.
IF YOU ARE USING IP ADDRESS : 192.168.0.6 for doing that. YOU SHOULD NOT USE POP3 from the outside.
Why ? Which other way to do this ?
Im very confused with this problem.
AB
11-05-2007 06:57 PM
Hi Antonio
Good to know you use the fixed IPs for referencing the mail server.
Is there any connection from the outside or not? we need to verify this step first.when you try to access the mail sever from the outside please let me know what you see when you do "sh ip nat translation | inc :25|:100".
Hopes this helps
Thot
11-06-2007 08:25 AM
Hi Thot,
Follow the output :
mtech_lab_dti_csco#sh ip nat translation | inc :25|:110
tcp 41.223.40.253:110 192.168.0.6:110 41.223.40.1:33945 41.223.40.1:33945
tcp 41.223.40.253:25 192.168.0.6:25 41.223.40.1:36232 41.223.40.1:36232
tcp 41.223.40.253:25 192.168.0.6:25 --- ---
tcp 41.223.40.253:110 192.168.0.6:110 --- ---
Antonio
11-07-2007 02:07 AM
Hi Thot,
do you have any idea about this problem ?
AB
11-06-2007 08:34 AM
Hi Kevin
Follow the outputs :
mtech_lab_dti_csco#
*Mar 2 08:59:10.977: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3208]
*Mar 2 08:59:13.974: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3209]
*Mar 2 08:59:14.848: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45608]
*Mar 2 08:59:17.845: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45609]
*Mar 2 08:59:19.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3210]
*Mar 2 08:59:23.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45610]
*Mar 2 08:59:31.972: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3211]
*Mar 2 08:59:35.842: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45611]
*Mar 2 08:59:55.971: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [3212]
*Mar 2 08:59:59.841: NAT: s=41.223.40.1, d=41.223.40.253->192.168.0.6 [45612]
11-06-2007 05:06 AM
hi,
have you tried telneting your POP and SMTP from outside?
i dont see any problem with your config.
11-06-2007 08:39 AM
Hi intelide,
Yes, but not work.
AB
11-06-2007 04:03 PM
hmm..
inside interface up? mail server up? and have a correct gateway? do you have another firewall/ips behind the router?
strange -
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: