SMTP IP address issue

Unanswered Question
Feb 16th, 2009
User Badges:

I have a Cisco 1811 Intergrated Services Router which has been in operation for over a year. It also provides VPN access for the Cisco dialer VPN and three small remote offices with PIX 501s connected back to the main office. All worked well, except I discovered the outbound e-mail came from an incorrect IP address. I want the SMTP to show from 24.227.206.180, but it shows from 24.227.206.178. 192.168.10.111 is the e-mail server. I used the command "ip nat inside source static tcp 192.168.10.111 25 24.227.206.180 25 extendable". E-mail comes in OK, but outbound e-mail shows the primary IP address of the router, not the address in the IP NAT line. The server is also a DNS/WINS server. I do not want to change the public DNS records. I have tried some changes, but each try created a different problem.


Attached is a copy of the full config.


Thanks



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Mon, 02/16/2009 - 10:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ross,

I would rewrite the ACL 100 to deny host 192.168.10.111


before the line

permit ip 192.168.10.0 0.0.0.255 any


put

deny ip host 192.168.10.111 any


in this way the NAT is managed by the static entries


Hope to help

Giuseppe

rossmartin Mon, 02/16/2009 - 16:16
User Badges:

Giuseppe,

Due to their schedule, I will not be able to try it until tomorrow PM. I will try it then. Thanks for the suggestion.


Ross

rossmartin Tue, 02/17/2009 - 16:33
User Badges:

I added the deny line. Inbound works fine. My server 192.168.10.111 cannot access the internet. It cannot reach dns forwarders, ping, or browse the internt. Other inside hosts have internet access (except names are not being resolved) Here is my access lit 100. Is it in the right order?

access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255

access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 100 deny ip host 192.168.10.111 any

access-list 100 permit ip 192.168.10.0 0.0.0.255 any

Actions

This Discussion