Solved: 1841 -> ZBF <> MailServer:IP, port 110,25 ?

mauric · ‎01-30-2017

hello dear prof!

i have running now in me little network a Mailserver, please i don't know
how to open the port 25,110 on me Cisco 1841 so that this Email-Server
with the static address in internal Network are reachable from the hole world.

i have configured a on 1841 Zone based firewall without DMZ Zone, but now,
i don't see no way to this. Can give me here any little help,please so that i can
do any static entry for example all traffic from 0.0.0.0 > 10.10.10.25 : 25, 110 allow

i have create picture of me idea.

thanks for your help!
Regards
Mauri

Philip D'Ath · ‎02-02-2017

First you need some NATs:

ip nat inside source static tcp 192.168.1.xx 25 interfaceFastEthernet0/0 25
ip nat inside source static tcp 192.168.1.xx 110 interfaceFastEthernet0/0 110

Your zone based firewall is incomplete and not in use, so you don't need to do anything to make the NATs work. You can take a look at one config wizard for a Cisco 897 to see how to build a complete working zone based firewall config.

http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

View solution in original post

Philip D'Ath · ‎01-30-2017

You will need to share your configuration for us to be able to suggest any changes.

mauric · ‎01-31-2017

Hello,

Here are me running Conifg, thanks meny time for your Investigation.

best regards

Mauri

mauric · ‎02-02-2017

Please Gentlemans!

may I kindly wan't ask for a possible answer!

best regards

Mauri

Philip D'Ath · ‎02-02-2017

First you need some NATs:

ip nat inside source static tcp 192.168.1.xx 25 interfaceFastEthernet0/0 25
ip nat inside source static tcp 192.168.1.xx 110 interfaceFastEthernet0/0 110

Your zone based firewall is incomplete and not in use, so you don't need to do anything to make the NATs work. You can take a look at one config wizard for a Cisco 897 to see how to build a complete working zone based firewall config.

http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

mauric · ‎02-03-2017

Thanks 1000 ! for your Help

so me ZBF are not complet :-(, please are possible to give me material to read a lillte more about this, so are possible that me ZBF are running like a Firewall that are complet, and not only a half time shot......

i found on Cisco Homepage any books.... like 700 site, but are possible that here exist any smaler one for understabd this, i respect this feature, and iam a fan from this! so i will to learn and setup correctly, can you give me here any possible links help Help information in which direction i need to go, top amcomplish this.

Regards and thaks for your Help!

Mauri

mauric · ‎02-18-2017

try to open port 25,110 and 21, but i don't have success.

ip nat inside source static tcp 192.168.1.20 21 interface FastEthernet0/0 21

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 permit tcp any host 192.168.1.20 eq ftp
access-list 110 permit ip any any

also trying:

ip nat inside source static tcp 192.168.1.20 21 PublicIP 21 extendable

but if scaning port 21, are closed, and no Connection available.

Mauri

mauric · ‎02-20-2017

Hello.

Please, i need to open port 21 from "Wan->Lan, site" on me Cisco 1841,

for any help i'am Happy

Regards

Mauri

Philip D'Ath · ‎02-20-2017

You'll just need to add a single NAT like you did last time.

mauric · ‎02-20-2017

thanks for your answer

Yes, i have done, i add this NAT but without success ! port 21, 25, 110 still are closed