Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
283
Views
0
Helpful
4
Replies

REAL IP Problem with INTERNET ROUTER

mmtantawi
Level 1
Level 1

‎09-21-2006 02:05 AM - edited ‎03-03-2019 02:04 PM

Dear All,

1.I have one Router for Internet 1841.

this Router have 2 Interface as following :-

1- the First Interface is connected to MY ISP Router with this IP :-

213.255.237.105.

2- the Second Interface is connected to MY Switch 'UNMANAGED SWITCH ', with this

IP :-

213.255.237.113 / 248.

So, here is My question

the People who are behind interface 213.255.237.113 / 248 are 3 Peoples.

as follsoing :-

1- First PC --- have this IP 213.255.237.115 .

2- Second One --- 213.255.237.116

3- third one----213.255.237.117.

======================================

untill Now, every thing is Clear.

MY E-mail server is hosted in MY ISP Side, and i am using POP3 Account to access it from any where .

Now, the Third user which have this Real IP Address ( 213.255.237.117 ), reported to me that , he is UNABLE COMPLETELY TO RECEIVE ANY E-MAILS using POP3, but he is able to send " SMTP", and able to browse Internet " HTTP".

the others Users did not reported at all like this Problem at all.

and all of them able to send / receive / browsing .

to make a test over his PC , i shutdown his PC Completely, and i put my LAPTOP instead of him, and with the same IP and i found that the same Problem.

All the IP are real IPs for the 2 interfaces which is F0/0 & F0/1 from MY ISP.

-------------

the Router is have this Access List:-

so where is the Problem ?

could it be from the ISP HIM SELF ? or from my router .

=======================================

access-list 1 permit 213.255.237.104 0.0.0.7

access-list 1 permit 213.255.237.112 0.0.0.7

access-list 1 permit 172.16.0.0 0.0.0.255

access-list 2 permit 213.255.237.109

access-list 2 permit 172.16.1.4

access-list 2 permit 172.16.1.1

access-list 2 permit 172.16.0.0 0.0.255.255

access-list 103 deny ip 127.0.0.0 0.255.255.255 any

access-list 103 deny ip 255.0.0.0 0.255.255.255 any

access-list 103 deny ip 224.0.0.0 7.255.255.255 any

access-list 103 deny ip 213.255.237.104 0.0.0.7 213.255.237.104 0.0.0.7

access-list 103 deny ip 213.255.237.112 0.0.0.7 213.255.237.104 0.0.0.7

access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 2000 2002

access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 6000 6003

access-list 103 deny udp any 213.255.237.104 0.0.0.7 range 6000 6003

access-list 103 deny tcp any 213.255.237.104 0.0.0.7 eq 2049

access-list 103 deny udp any 213.255.237.104 0.0.0.7 eq 2049

access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 2000 2002

access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 6000 6003

access-list 103 deny udp any 213.255.237.112 0.0.0.7 range 6000 6003

access-list 103 deny tcp any 213.255.237.112 0.0.0.7 eq 2049

access-list 103 deny udp any 213.255.237.112 0.0.0.7 eq 2049

access-list 103 deny tcp any host 213.255.237.115 eq 8080

access-list 103 deny udp any host 213.255.237.115 eq 8080

access-list 103 deny tcp any host 213.255.237.115 eq 8081

access-list 103 deny udp any host 213.255.237.115 eq 8081

access-list 103 deny tcp any host 213.255.237.116 eq 7988

access-list 103 deny udp any host 213.255.237.116 eq 7988

access-list 103 deny tcp any host 213.255.237.115 eq 8091

access-list 103 deny udp any host 213.255.237.115 eq 8091

access-list 103 permit udp any 213.255.237.104 0.0.0.7 gt 1023

access-list 103 permit tcp any 213.255.237.104 0.0.0.7 gt 1023

access-list 103 permit udp any 213.255.237.112 0.0.0.7 gt 1023

access-list 103 permit tcp any 213.255.237.112 0.0.0.7 gt 1023

access-list 103 deny tcp any 213.255.237.104 0.0.0.7

access-list 103 deny udp any 213.255.237.112 0.0.0.7

access-list 103 permit tcp any host 213.255.237.116 eq smtp

access-list 103 permit tcp any host 213.255.237.116 eq pop3

access-list 103 permit ip any any

snmp-server community HO-RO-Internet RO

Labels:
0 Helpful
4 Replies 4

lgijssel
Level 9
Level 9

‎09-21-2006 02:20 AM

That is quite some issue. The cause might very well be acl-related but this will be hard to tell for us as you did not specify their use. I would point at acl 103 instinctively as this one is far too long anyway. It could also be a configuration issue on the mailserver as there are no other problems except from pop3 receiving.

You public IP's are in the open now anyway so you might as well post the router config as well. Then we might be able to detect some other possible causes.

I would also advise you to contact a local cisco reseller and have a review of your security. I am certain that many on this forum will be eager enough to help you with this for a few points but after all your local reseller has to make a living too, isn't it?

Regards,

Leo

0 Helpful

globalnettech
Level 5
Level 5
In response to lgijssel

‎09-21-2006 02:50 AM

Hello Mohammed,

in order to exclude that your problem is access-list related, you could try, if possible, to temporarily remove access list 103 from the interface, and see if that makes a difference.

When you use your laptop to test, are you using the same user account ? If so, the issue might be user (ID) related...

Regards,

GNT

0 Helpful

mmtantawi
Level 1
Level 1
In response to globalnettech

‎09-21-2006 03:06 AM

Thanks ,

But take care,

if i remove the Access list, every thing will be disable completely .

becasue the Accees-list if its removed, every thing will be blocked .

so is that correct ?

also, BTW,

see this Access-List :-

1- access-list 103 permit tcp any host 213.255.237.116 eq smtp

2- access-list 103 permit tcp any host 213.255.237.116 eq POP3.

3- access-list 103 Permit tcp any host 213.255.237.115 eq smtp

4- access-list 102 permit tcp any host 213.255.237.115 eq POP3.

5- access-list 103 Permit any any.

now, as you can see there is no any Access-list for this IP 213.255.237.117 at all.

so maybe this could be a problem ?

but if this was the Problem, i think its clear that , i have access list that permit every thing from any where to any where , so there is no any thing for that . was i correct .

please guide me as much as you can .

0 Helpful

lgijssel
Level 9
Level 9
In response to mmtantawi

‎09-21-2006 03:10 AM

Having no access-list means that there is no restriction to the traffic at all. So everything will not be disabled but on the contrary, everything will be accessible.

This only to be used for testing purposes. It won't take long to determine if the access-list is causing your troubles. Let us know!

Regards,

Leo

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card