Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAT trouble with web and smtp

Hi!

I have implemented NAT on my 1605R router but I having some problems..

Since then I can't send outgoing mail with SMTP.

The mailserver belongs to my ISP.

I get a message that the TCP/IP connection was lost when I'm sending a mail. That worked before I implemented NAT. And I also trying to port forwarding web traffic to a machine on the inside.

I get a connection, but no pages displays.

Please look at my config and give me hints whats wrong? Only the password parts are missing from it:

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Tilda

!

boot system tftp c1600-sy-mz.123-1.bin 192.168.1.5

logging console critical

enable password <----------->

!

ip subnet-zero

ip name-server 192.71.220.10

!

ip accounting-threshold 10

vpdn enable

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

!

!

!

interface Ethernet0

description connected to EthernetLAN

ip address 192.168.1.1 255.255.255.0

ip accounting output-packets

ip nat inside

!

interface Ethernet1

description Internet

no ip address

no ip redirects

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface Dialer1

ip address negotiated previous

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username <account + password>

!

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source static tcp 192.168.1.21 80 interface Dialer1 80

ip nat inside source static tcp 192.168.1.1 23 interface Dialer1 443

ip nat inside source static tcp 192.168.1.5 25 interface Dialer1 25

ip nat inside source static tcp 192.168.1.5 5900 interface Dialer1 8080

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

!

!

access-list 1 permit 192.168.1.0 0.0.0.255

dialer-list 1 protocol ip permit

!

snmp-server community public RO

snmp-server enable traps tty

!

end

Best regards

/Leif

8 REPLIES
Gold

Re: NAT trouble with web and smtp

At least for mail, I suggest a static nat entry for your inside to outside server address

Re: NAT trouble with web and smtp

Are you sure you are getting the same ip address (public ip) negotiated from your ISP ??? If this keeps changing, you might have problems receiving email communications, between outside servers and your internal server. (Even though DNS records will have a static entry). Its better to put a static pubic ip address, instead of specifying the ip address of the dialer interface, which is negotiated each time.

Community Member

Re: NAT trouble with web and smtp

No, I don't get the same ip address but it doesn't matter. I don't have a mailserver on my network. The mailserver for pop and smtp are on the Internet.

Re: NAT trouble with web and smtp

If thats the case, then you dont need all those static tcp mappings for the NAT. Just a simple nat statement such as,

"ip nat inside source list 1 interface dialer 1 overload" would do the job.

Community Member

Re: NAT trouble with web and smtp

How do you mean? Is it really necessary?

Can you give a example?

Community Member

Re: NAT trouble with web and smtp

Hi, I suggest you just do a stic nat and ignore the protocol part of it.

i mean the line

ip nat inside source list 1 interface Dialer1 overload

is enough and you should remove the other ip nat commands specifying the port and protocols.

cheers.

Community Member

Re: NAT trouble with web and smtp

But how do I direct traffic to other hosts on my network without them? Is "ip nat inside source static 192.168.1.5 interface Ethernet 1" enough?

But if I have other hosts?

Community Member

Re: NAT trouble with web and smtp

Yes, it worked better! Thank you!

109
Views
5
Helpful
8
Replies
CreatePlease to create content