Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
987
Views
0
Helpful
1
Replies

NAT Translation to SMTP Not Working

jgorman1977
Level 1
Level 1

‎04-04-2010 09:21 AM - edited ‎03-04-2019 08:01 AM

Can someone take a peek at my config and let me know if they see why port 25 is being refused?  The server guys say it is open the the server.  443 works fine.

Thanks in advance.

User Access Verification

Password:
usdcirtr01>en
Password:
usdcirtr01#sh run
Building configuration...

Current configuration : 6569 bytes
!
version xx4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname usdcirtr01
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
enable secret 5 $1$q6qj$kAjhVgRJEoPLl9bg2bS6M/
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
ip tftp source-interface FastEthernet0/0
ip domain name dci.xxxx.com
ip ssh authentication-retries 2
ip auth-proxy auth-proxy-banner http ^C AUTHENTICATION REQUIRED.  FOR ASSISTANCE
PLEASE CONTACT YOUR PLANT IT MANAGER OR xxxx HELP DESK AT 800.735.5523 ^C
ip auth-proxy inactivity-timer 10
ip auth-proxy name WWW http inactivity-time 180 list NAT
ip admission auth-proxy-banner http ^C AUTHENTICATION REQUIRED.  FOR ASSISTANCE
PLEASE CONTACT YOUR PLANT IT MANAGER OR xxxx HELP DESK AT 800.735.5523 ^C
ip admission inactivity-timer 10
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key xxxx!123 address xx177.120.150
crypto isakmp key xxxx!123 address xx44.10.3
!
crypto ipsec security-association lifetime seconds 84000
!
crypto ipsec transform-set IPSEC-TUNNEL esp-des esp-md5-hmac
!
crypto map IPSEC-MGH 1 ipsec-isakmp
set peer xx44.10.3
set transform-set IPSEC-TUNNEL
match address DCI-MGH
crypto map IPSEC-MGH 2 ipsec-isakmp
set peer xx177.120.150
set transform-set IPSEC-TUNNEL
match address DCI-FSM
!
!
!
!
!
interface Loopback0
ip address xxx.xxx.254.9 255.255.255.255
!
interface FastEthernet0/0
ip address xxx.xxx.150.1 255.255.255.0 secondary
ip address xxx.xxx.149.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
ip address xxx.xxx.37.129 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/3/0
ip address xx87.104.206 255.255.255.252
ip access-group Outside in
ip nat outside
ip virtual-reassembly
ip route-cache flow
crypto map IPSEC-MGH
!
ip route 0.0.0.0 0.0.0.0 xxx.xxx.37.134
ip route 10.0.0.0 255.0.0.0 Serial0/3/0
ip route xx44.10.3 255.255.255.255 Serial0/3/0
ip route xx44.10.22 255.255.255.255 75.149.218.110
ip route xx44.10.134 255.255.255.255 75.149.218.110
ip route xx177.120.150 255.255.255.255 Serial0/3/0
ip route 32.71.56.0 255.255.255.0 Serial0/3/0
ip route 32.71.175.0 255.255.255.0 Serial0/3/0
ip route xxx.89.152.48 255.255.255.248 Serial0/3/0
ip route xxx.89.154.144 255.255.255.248 Serial0/3/0
ip route xxx.xxx.0.0 255.255.0.0 Serial0/3/0
ip route 172.16.0.0 255.255.0.0 Serial0/3/0
ip route 172.17.0.0 255.255.0.0 Serial0/3/0
ip route 172.20.0.0 255.255.0.0 Serial0/3/0
ip route 172.24.0.0 255.255.0.0 Serial0/3/0
ip route 192.168.0.0 255.255.0.0 Serial0/3/0
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface FastEthernet0/1 overload
ip nat inside source static tcp xxx.xxx.149.210 25 xxx.xxx.37.129 25 extendable
ip nat inside source static tcp xxx.xxx.149.210 443 xxx.xxx.37.129 443 extendabl
e
ip nat inside source static tcp xxx.xxx.149.210 587 xxx.xxx.37.129 587 extendabl
e
!
ip access-list extended DCI-FSM
permit ip host xxx.xxx.254.9 10.0.0.0 0.255.255.255
permit ip host xxx.xxx.254.9 32.71.0.0 0.0.255.255
permit ip host xxx.xxx.254.9 32.73.0.0 0.0.255.255
permit ip host xxx.xxx.254.9 192.168.105.0 0.0.0.255
permit ip xxx.xxx.149.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip xxx.xxx.149.0 0.0.0.255 32.71.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 32.73.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 192.168.105.0 0.0.0.255
permit ip xxx.xxx.150.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip xxx.xxx.150.0 0.0.0.255 32.71.0.0 0.0.255.255
permit ip xxx.xxx.150.0 0.0.0.255 32.73.0.0 0.0.255.255
permit ip xxx.xxx.150.0 0.0.0.255 192.168.105.0 0.0.0.255
ip access-list extended DCI-MGH
permit ip host xxx.xxx.254.9 10.81.0.0 0.0.255.255
permit ip host xxx.xxx.254.9 192.168.101.0 0.0.0.255
permit ip host xxx.xxx.254.9 192.168.103.0 0.0.0.255
permit ip host xxx.xxx.254.9 172.0.0.0 0.255.255.255
permit ip host xxx.xxx.254.9 xxx.xxx.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 10.81.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 192.168.101.0 0.0.0.255
permit ip xxx.xxx.149.0 0.0.0.255 192.168.103.0 0.0.0.255
permit ip xxx.xxx.149.0 0.0.0.255 172.0.0.0 0.255.255.255
permit ip xxx.xxx.149.0 0.0.0.255 xxx.xxx.0.0 0.0.255.255
permit ip xxx.xxx.150.0 0.0.0.255 10.81.0.0 0.0.255.255
permit ip xxx.xxx.150.0 0.0.0.255 192.168.101.0 0.0.0.255
permit ip xxx.xxx.150.0 0.0.0.255 192.168.103.0 0.0.0.255
permit ip xxx.xxx.150.0 0.0.0.255 172.0.0.0 0.255.255.255
permit ip xxx.xxx.150.0 0.0.0.255 xxx.xxx.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 172.17.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 172.20.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 172.24.0.0 0.0.255.255
ip access-list extended NAT
deny   ip xxx.xxx.149.0 0.0.0.255 10.0.0.0 0.255.255.255
deny   ip xxx.xxx.149.0 0.0.0.255 192.168.0.0 0.0.255.255
deny   ip xxx.xxx.149.0 0.0.0.255 172.0.0.0 0.255.255.255
deny   ip xxx.xxx.149.0 0.0.0.255 xxx.xxx.0.0 0.0.255.255
deny   ip xxx.xxx.149.0 0.0.0.255 32.71.0.0 0.0.255.255
deny   ip xxx.xxx.149.0 0.0.0.255 32.73.0.0 0.0.255.255
deny   ip xxx.xxx.150.0 0.0.0.255 10.0.0.0 0.255.255.255
deny   ip xxx.xxx.150.0 0.0.0.255 192.168.0.0 0.0.255.255
deny   ip xxx.xxx.150.0 0.0.0.255 172.0.0.0 0.255.255.255
deny   ip xxx.xxx.150.0 0.0.0.255 xxx.xxx.0.0 0.0.255.255
deny   ip xxx.xxx.150.0 0.0.0.255 32.71.0.0 0.0.255.255
deny   ip xxx.xxx.150.0 0.0.0.255 32.73.0.0 0.0.255.255
permit ip xxx.xxx.149.0 0.0.0.255 any
permit ip xxx.xxx.150.0 0.0.0.255 any
ip access-list extended Outside
permit icmp xx44.10.0 0.0.0.255 host xx87.104.206
permit icmp 70.182.107.0 0.0.0.127 host xx87.104.206
permit icmp xx177.120.128 0.0.0.127 host xx87.104.206
permit tcp any host xx87.104.206 eq 22
permit esp any host xx87.104.206
permit udp any host xx87.104.206 eq isakmp
permit tcp any host xx87.104.206 gt 1023 established
permit ip xxx.89.154.144 0.0.0.7 host xx87.104.206
permit ip xxx.89.152.48 0.0.0.7 host xx87.104.206
!
logging history debugging
logging trap debugging
logging source-interface FastEthernet0/0
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 0117050D5F080F5E731F
login
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17177635
ntp source FastEthernet0/0
ntp update-calendar
end

usdcirtr01#

Labels:
0 Helpful
1 Reply 1

jgorman1977
Level 1
Level 1

‎04-04-2010 09:44 AM

Nevermind....server team did NOT have the ports open.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card