Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to configure SDM v22 Firewall congi to allow in SMTP to my Exch Srvr

Hello

I am trying to configure my 1811W firewall config via SDM to send inbound smtp traffic to my exchange server...easy setup as I am a small copany with a small network yet its been about 6 hrs now and I cant get it to work.

Info

I have two interfaces - one WAN IP (FE1) and LAN IP configured on 1811

FW Policies/ACL/rules are as follows:

From WAN/FE1 to LAN

-FROM ANY to the LAN IP address of my Exchange Server for SMTP at Port 25

-From ANY to the LAN IP Address of my 1811 Router for SMTP at Port 25

The only denies I have are

From 0.0.0.0 to any and the other private addresses

Do I have to do anything else??

HELP!! Thanks in advance

17 REPLIES
Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

post the config you have so far.

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

Hi

How do I post the config in SDM? (Extreme newbie/First day doing Cisco firewalls) :-)

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

If you don't have ssh or telnet access, in SDM you can click on the "VIEW" tab at the top and select running config. Copy and paste the remove your outside ip address for security reasons.

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

here is the attchment thx

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

OK, you need to have a PAT on the outside interface.

Something like this

ip nat inside source static tcp 25 interface fastethernet1 25

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

how do i do that through the sdm gui? I am not technical - thx

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

here is the file secured

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

Hi froggy

how do i add the PAT through the sdm gui? what is a PAT? I am not technical sorry

Thx.

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

do you only have access to the gui? not ssh or telnet?

I honestly have not used sdm that much to know where to configure PAT. It should be fairly simple through the gui. One thing I did notice about your config is your BVI is your internal interface. What type of connection do you have to the Internet?

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

Great article thx

To your other questions, I have Telnet built into SDM and I have a T1 to the Internet

I did find it (I believe in the gui) under NAT

Under NAT in the GUI, it now shows:

Original Addres = 192.168.1.201 (25)

Translated address = Public IP address (25)

You mentioned BVI I dont know how I got that, I followed an EZ setup wizard...should I try and change that?

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

Update

I reset to factpry default and this time i did not build it with vlan

made PAT entry still doesnt work

attaching new config

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

your pat statement needs to be on fastethernet 1

That is your outside interface.

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

your pat statement needs to be on fastethernet 1

That is your outside interface.

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

Hi it still doesnt work

I enclosed my latest config

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

This PAT change is now causing an IP address conflict with my exchange server!Help

Community Member

Re: How to configure SDM v22 Firewall congi to allow in SMTP to

You mentioned the statement

ip nat inside source static tcp 25 interface fastethernet1 25

above

but when I configure it on the outside address it lists

ip nat outside source static tcp 25 interface fastethernet1 25

in the config file

should it be

ip nat outside source static tcp 25 interface fastethernet1 25

or

ip nat inside source static tcp 25 interface fastethernet1 25???

thx

330
Views
0
Helpful
17
Replies
CreatePlease to create content