NAT to mail server not working.

Unanswered Question
Nov 20th, 2009
User Badges:

Hi There


I am trying to set up one of my cisco routers to NAT  to my mail server but my client con not connect and I cant see what i'm missing.


Any help appreciated.


Here is my config:-


service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router101.4
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username gkonheiser password 7 xxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
!
!
ip name-server 62.2.17.60
ip name-server 62.2.24.162
!
!
controller E1 1/0
!
!
!
interface FastEthernet0/0
description WAN
ip address 62.xxx.xxx.xxx 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.xxx.223 255.255.255.0
ip nat inside
speed 100
full-duplex
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.xxx.xxx 62.xxx.xxx.xxx
ip nat inside source static tcp 192.168.xxx.21 25 62.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.xxx.21 443 62.xxx.xxx.xxx 443 extendable
ip nat inside source static tcp 192.168.xxx.21 80 62.xxx.xxx.xxx 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 62.xxx.xxx.xxx
no ip http server
ip pim bidir-enable
!
!
access-list 1 remark Internet access list
access-list 1 permit 192.168.xxx.0 0.0.0.255
access-list 1 remark Internet access list
access-list 1 remark Internet access list
!
line con 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxx
login local
line vty 5 15
password 7 xxxxxxxxxxxxxxxxxxxxx
login local
!
!
end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (1 ratings)
Loading.

Re-write the nat overload access-list to deny the internal mail server IP address, ie


access-list 1 remark Internet access list

access-list 1 deny 192.168.xxx.21
access-list 1 permit 192.168.xxx.0 0.0.0.255


The above wille exempt the mail server from the dynamic nat, and allow the static to override.


Normally static overides dynamic - but it's worth a try!!

gkonheiser Tue, 11/24/2009 - 02:49
User Badges:

Hi Andrew


Thanks for your help.I solved the problem yesterday. It was due to a STUPID over sight on my behalf.



Gordon

Actions

This Discussion

Related Content