I have a Cisco 2821 router and a 3560G switch.
The 2821 has the internet connection and connects to the 3560G switch.
On the 3560G switch I created 2 VLANs (one for servers and the other one for clients).
On the 3560G switch:
G0/1: 10.10.10.2 connect to router 2821.
Vlan: 184.108.40.206 Vlan server
Vlan: 220.127.116.11 Vlan client
So I would like to allow Remote Desktop, SMTP and POP3 from outside to inside (18.104.22.168).
1- How can we configure this on the router?
2- What about the 3560G switch: do we just do routing only, or do we need to add ip nat .......?
I am assuming that you have not configured CBAC or ZBF on the router. With that assumption, I would suggest that you configure access-lists that allow return traffic from the internet to your internal hosts (if they are browsing via the router). Also, the access-list is slightly off in that the source port will not be SMTP or POP3 when you are accessing the servers.
ip nat inside source static tcp 22.214.171.124 25 interface f0/0 25 extendable
ip nat inside source static tcp 126.96.36.199 110 interface f0/0 110 extendable
access-list 103 permit tcp any host eq smtp
access-list 103 permit tcp any host eq pop3
access-list 103 permit tcp any any ack
access-list 103 deny tcp any any syn
access-list 103 permit ip any any
With this, all the return traffic will be allowed (even though this allows UDP/ICMP seamlessly, you can restrict them also if you like) without any issues. Hope this helps.
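The first-match behaviour of access-list 103 above, as an added example that is not part of the original answer: a small evaluator run over constructed packets to show which entry decides each one. It assumes the list is applied inbound on the outside interface and that the host in the first two entries (missing on the page) is the router's outside address, for which `OUTSIDE` is a constructed placeholder.

```python
# Added illustration: first-match evaluation of access-list 103 from the answer.
# OUTSIDE is a constructed placeholder (RFC 5737 range) for the host address
# that is missing from the ACL lines on the page; all packets are constructed.
OUTSIDE = "203.0.113.10"
PORTS = {"smtp": 25, "pop3": 110}

# (action, protocol, destination host or None for "any", dest port name, TCP flag)
ACL_103 = [
    ("permit", "tcp", OUTSIDE, "smtp", None),
    ("permit", "tcp", OUTSIDE, "pop3", None),
    ("permit", "tcp", None, None, "ack"),
    ("deny",   "tcp", None, None, "syn"),
    ("permit", "ip",  None, None, None),
]

def matches(ace, pkt):
    _, proto, host, port, flag = ace
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if host is not None and host != pkt["dst"]:
        return False
    if port is not None and PORTS[port] != pkt.get("dport"):
        return False
    # "ack" / "syn" match when that TCP flag bit is set in the packet
    if flag is not None and flag not in pkt.get("flags", ()):
        return False
    return True

def evaluate(pkt, acl=ACL_103):
    """Return (action, 1-based index of the deciding entry); 0 = implicit deny."""
    for i, ace in enumerate(acl, 1):
        if matches(ace, pkt):
            return ace[0], i
    return "deny", 0

PACKETS = {
    "new SMTP connection": {"proto": "tcp", "dst": OUTSIDE, "dport": 25, "flags": {"syn"}},
    "new RDP connection": {"proto": "tcp", "dst": OUTSIDE, "dport": 3389, "flags": {"syn"}},
    "web reply to a client": {"proto": "tcp", "dst": OUTSIDE, "dport": 50123, "flags": {"syn", "ack"}},
    "ACK with no prior session": {"proto": "tcp", "dst": OUTSIDE, "dport": 3389, "flags": {"ack"}},
    "DNS reply (UDP)": {"proto": "udp", "dst": OUTSIDE, "dport": 50124},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        action, entry = evaluate(pkt)
        print(f"{name:26} -> {action} (entry {entry})")
```

Entry 3 matches on the ACK bit alone, so the list does not track sessions; CBAC or ZBF, which the answer mentions, is what adds stateful inspection.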