force smtp through serial0

pcollis
Level 1

Hello, I have a 1720 router with two internet connections - Serial0 (leased line) and ATM0 (ADSL). We have to force SMTP traffic out through ser0.

Have tried setting up policy-based routing but cannot receive email.

The eth0 interface has a public address and NAT is running on an internal firewall.

Any suggestions as to the best way to do this?

3 Replies

faheyd
Level 1

Please post more info. Thanks. Connections, IP addressing, ACLs, traffic shaping, conf on SMTP server, what policy have you tried, can you ping from a distant SMTP gateway to your SMTP gateway. Traceroutes, etc. Little steps to big steps on a problem like this.

pcollis
Level 1

Here's the original config without PBR.

Everything works except for inbound mail from the internet. If I change the default route back to ser0 the mail starts working again but ATM0 is not used. Doh! It looks like SMTP comes in through ser0 but the reply is going out atm0, which is dropped by our ISP (is this asymmetric routing?).

TIA,

Paul

Current configuration : 2988 bytes
!
!
version 12.2
no parser cache
service config
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname our-gw01
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
enable secret 5
enable password 7
!
memory-size iomem 25
clock timezone GMT 0
clock summer-time UK recurring last Sun Mar 1:00 last Sun Oct 1:00
ip subnet-zero
no ip source-route
!
!
no ip domain-lookup
ip name-server 139.132.230.62
!
no ip dhcp-client network-discovery
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
!
!
interface ATM0
 no ip address
 atm vc-per-vp 256
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
 no fair-queue
!
interface FastEthernet0
 ip address 72.28.148.238 255.255.255.240
 ip access-group 102 out
 no ip proxy-arp
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
interface Serial0
 bandwidth 128
 ip unnumbered FastEthernet0
 ip access-group 101 out
 encapsulation ppp
!
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer remote-name provider
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname some1
 ppp chap password 7
!
ip nat inside source list 2 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 148.43.0.0 255.255.0.0 Serial0
no ip http server
!
logging trap debugging
access-list 1 permit 148.43.128.0 0.0.127.255
access-list 1 permit 62.17.158.224 0.0.0.15
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit any log
access-list 101 permit ip 72.28.148.224 0.0.0.15 any
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 62.17.158.224 0.0.0.15 any
access-list 102 permit icmp any any
access-list 102 deny udp any any eq 2049
access-list 102 deny tcp any any eq 2049
access-list 102 deny tcp any any eq 6000
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq 123
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq ftp-data
access-list 102 permit tcp any any eq nntp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 143
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any gt 1023
access-list 102 permit udp any any gt 1023
access-list 102 permit udp any any eq domain
dialer-list 1 protocol ip permit
!
!
!
line con 0
 exec-timeout 0 0
 password 7
 login
line aux 0
line vty 0 4
 access-class 1 in
 password 7
 login
line vty 5 15
 login
!
no scheduler allocate
end

faheyd
Level 1

Will someone take a shot at this? I think there is enough info for someone to make a guess.
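
One way the policy-based routing discussed in this thread could be expressed against the configuration posted above, added here as an example and not part of any poster's reply. ACL number 110 and the route-map name SMTP-VIA-SER0 are assumed names, and the example assumes the mail host sits in the 72.28.148.224/28 subnet behind FastEthernet0.

```cisco
! Added example: ACL 110 and route-map SMTP-VIA-SER0 are assumed names,
! not taken from the posted configuration.
!
! Match both directions of SMTP as seen arriving on FastEthernet0:
!  - mail the local hosts send out (destination port 25)
!  - replies from the local mail server to inbound sessions (source port 25)
access-list 110 permit tcp 72.28.148.224 0.0.0.15 any eq smtp
access-list 110 permit tcp 72.28.148.224 0.0.0.15 eq smtp any
!
! Policy-route matching packets out the leased line. Everything else
! falls through to the routing table and still follows the default
! route via Dialer1.
route-map SMTP-VIA-SER0 permit 10
 match ip address 110
 set interface Serial0
!
! PBR is evaluated on the interface where the packets enter the router.
interface FastEthernet0
 ip policy route-map SMTP-VIA-SER0
!
! Packets sent this way leave with their public source address: Serial0
! is not an "ip nat outside" interface, so the Dialer1 overload rule does
! not rewrite them, and they still pass the existing ACL 101 outbound
! filter because the source is inside 72.28.148.224/28.
!
! Checks from exec mode:
!   show route-map SMTP-VIA-SER0    (match counters should increase)
!   show ip policy                  (FastEthernet0 should list the map)
!   debug ip policy                 (per-packet policy routing decisions)
```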