07-18-2002 02:03 AM - edited 03-01-2019 11:59 PM
Hello, I have a 1720 router with two internet connections - Serial0 (leased line) and ATM0 (Adsl). We have to force smtp traffic out through ser0..
Have tried setting up policy based routing but cannot receive email..
the eth0 interface has an public address and nat is runiing on an internal firewall.
Any suggestions as to the best way to do this?
07-18-2002 09:54 AM
Please post more info. Thanks. Connections, ip addressing ACL's, traffic shaping, conf on SMTP server, whatg policy have you tried, can you ping from a distant smtp gateway to your SMTP gateway. Traceroutes, etc.Little steps to big steps on a problem like this.
07-19-2002 12:07 AM
Heres the original config with out PBR.
Everthing works except for inbound mail from the internet. If I change the default route back to ser0 the mail starts working again but ATM0 is not used Doh!. It looks like smtp comes in through ser0 but the reply is going out atm0 which is dropped by our ISP (Is this Asymertric Routing?).
TIA,
Paul,,,
Current configuration : 2988 bytes
!
!
version 12.2
no parser cache
service config
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname our-gw01
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
enable secret 5
enable password 7
!
memory-size iomem 25
clock timezone GMT 0
clock summer-time UK recurring last Sun Mar 1:00 last Sun Oct 1:00
ip subnet-zero
no ip source-route
!
!
no ip domain-lookup
ip name-server 139.132.230.62
!
no ip dhcp-client network-discovery
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
interface ATM0
no ip address
atm vc-per-vp 256
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
no fair-queue
!
interface FastEthernet0
ip address 72.28.148.238 255.255.255.240
ip access-group 102 out
no ip proxy-arp
ip nat inside
speed auto
full-duplex
no cdp enable
!
interface Serial0
bandwidth 128
ip unnumbered FastEthernet0
ip access-group 101 out
encapsulation ppp
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer remote-name provider
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname some1
ppp chap password 7
!
ip nat inside source list 2 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 148.43.0.0 255.255.0.0 Serial0
no ip http server
!
logging trap debugging
access-list 1 permit 148.43.128.0 0.0.127.255
access-list 1 permit 62.17.158.224 0.0.0.15
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit any log
access-list 101 permit ip 72.28.148.224 0.0.0.15 any
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 62.17.158.224 0.0.0.15 any
access-list 102 permit icmp any any
access-list 102 deny udp any any eq 2049
access-list 102 deny tcp any any eq 2049
access-list 102 deny tcp any any eq 6000
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq 123
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq ftp-data
access-list 102 permit tcp any any eq nntp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 143
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any gt 1023
access-list 102 permit udp any any gt 1023
access-list 102 permit udp any any eq domain
dialer-list 1 protocol ip permit
!
!
!
line con 0
exec-timeout 0 0
password 7
login
line aux 0
line vty 0 4
access-class 1 in
password 7
login
line vty 5 15
login
!
no scheduler allocate
end
07-24-2002 11:54 AM
Will someone take a shot at this, I think there is enough info for someone to make a guess.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide