×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

How to configure SDM v22 Firewall congi to allow in SMTP to my Exch Srvr

Unanswered Question
Mar 19th, 2006
User Badges:

Hello

I am trying to configure my 1811W firewall config via SDM to send inbound smtp traffic to my exchange server...easy setup as I am a small copany with a small network yet its been about 6 hrs now and I cant get it to work.

Info

I have two interfaces - one WAN IP (FE1) and LAN IP configured on 1811


FW Policies/ACL/rules are as follows:

From WAN/FE1 to LAN

-FROM ANY to the LAN IP address of my Exchange Server for SMTP at Port 25


-From ANY to the LAN IP Address of my 1811 Router for SMTP at Port 25


The only denies I have are

From 0.0.0.0 to any and the other private addresses


Do I have to do anything else??

HELP!! Thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tomricher Sun, 03/19/2006 - 15:04
User Badges:

Hi

How do I post the config in SDM? (Extreme newbie/First day doing Cisco firewalls) :-)

froggy3132000 Sun, 03/19/2006 - 15:24
User Badges:
  • Bronze, 100 points or more

If you don't have ssh or telnet access, in SDM you can click on the "VIEW" tab at the top and select running config. Copy and paste the remove your outside ip address for security reasons.

froggy3132000 Sun, 03/19/2006 - 15:30
User Badges:
  • Bronze, 100 points or more

OK, you need to have a PAT on the outside interface.


Something like this


ip nat inside source static tcp 25 interface fastethernet1 25

tomricher Sun, 03/19/2006 - 15:34
User Badges:

how do i do that through the sdm gui? I am not technical - thx

tomricher Sun, 03/19/2006 - 16:02
User Badges:

Hi froggy

how do i add the PAT through the sdm gui? what is a PAT? I am not technical sorry


Thx.

froggy3132000 Sun, 03/19/2006 - 16:13
User Badges:
  • Bronze, 100 points or more

do you only have access to the gui? not ssh or telnet?


I honestly have not used sdm that much to know where to configure PAT. It should be fairly simple through the gui. One thing I did notice about your config is your BVI is your internal interface. What type of connection do you have to the Internet?

tomricher Sun, 03/19/2006 - 16:43
User Badges:

Great article thx

To your other questions, I have Telnet built into SDM and I have a T1 to the Internet


I did find it (I believe in the gui) under NAT


Under NAT in the GUI, it now shows:

Original Addres = 192.168.1.201 (25)

Translated address = Public IP address (25)


You mentioned BVI I dont know how I got that, I followed an EZ setup wizard...should I try and change that?

tomricher Sun, 03/19/2006 - 17:18
User Badges:

Update

I reset to factpry default and this time i did not build it with vlan

made PAT entry still doesnt work

attaching new config




Attachment: 
froggy3132000 Sun, 03/19/2006 - 17:43
User Badges:
  • Bronze, 100 points or more

your pat statement needs to be on fastethernet 1


That is your outside interface.

froggy3132000 Sun, 03/19/2006 - 17:49
User Badges:
  • Bronze, 100 points or more

your pat statement needs to be on fastethernet 1


That is your outside interface.

tomricher Sun, 03/19/2006 - 18:16
User Badges:

This PAT change is now causing an IP address conflict with my exchange server!Help

tomricher Sun, 03/19/2006 - 18:24
User Badges:

You mentioned the statement

ip nat inside source static tcp 25 interface fastethernet1 25


above


but when I configure it on the outside address it lists

ip nat outside source static tcp 25 interface fastethernet1 25


in the config file


should it be

ip nat outside source static tcp 25 interface fastethernet1 25

or


ip nat inside source static tcp 25 interface fastethernet1 25???


thx

Actions

This Discussion