×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

837 newb config questions

Unanswered Question

Hi,

I'm trying to set up an 837. I have it working and can browse out to the internet. I'm having problems with incoming SMTP connections (fail;) and access from a specific site. The config is attached.


Not only does the smtp incoming fail but when I enter an access-list such as

access-list 111 permit ip 192.168.54.229 10.1.1.1 any

it appears ok, but when I save and show the running-config the ip isn't the same. ???!!?


TIA for any help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
theclam Mon, 09/25/2006 - 04:45
User Badges:

Hi,


I think you have misunderstood the syntax for access lists. If you are trying to permit traffic from 192.168.54.229 to 10.1.1.1 then your access list entry would be:


access-list 111 permit ip host 192.168.54.229 host 10.1.1.1


I'm making the assumption that this access list is applied to the right interface, that no NAT is required, etc - if this router is on the end of a generic Internet connection then you will probably need NAT as well.


When you manage to get the config to upload I'll take another look.


Foeh


theclam Tue, 09/26/2006 - 04:10
User Badges:

Hi,


I don't know if it is possible to remove an attachment, but you should be very careful posting configs with the passwords in them!


Anything that is "level 7" encrypted (in this case, all the passwords except the enable secret) can be decrypted very easily with a wide variety of freely available tools.


Most people remove the enable secret as well when they post because that can sometimes be brute forced by a determined attacker.


Foeh


theclam Tue, 09/26/2006 - 03:09
User Badges:

Hi,


If you're expecting to accept incoming SMTP from the Internet, you will need to configure up a static NAT along the lines of:


ip nat inside source static tcp 10.1.1.1 25 interface Dialer1 25


That will allow anyone from the Internet to connect to your outside address on port 25, but really be connecting to your mail server.


Your SMTP entry in the ACL will need to be altered to reflect the outside address.


Foeh


Actions

This Discussion