Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

email issues on UC520

The physical ip of the UC520 router is xx.xx.xx.154.

I have another public ip xx.xx.xx.155 pointing to my mail server.

Using nat translations, i opened the ports for the mail server as shown below:

ip nat inside source static tcp 192.168.1.12 25 xx.xx.xx.155 25 extendable

ip nat inside source static tcp 192.168.1.12 80 xx.xx.xx.155 80 extendable

ip nat inside source static tcp 192.168.1.12 21 xx.xx.xx.155 21 extendable

ip nat inside source static tcp 192.168.1.12 443 xx.xx.xx.155 443 extendable

We are unable to send emails to certain domains (ex aol.com, rr.com) and the error we receive is "cannot find reverse hosting". The server sends the mail with .154 ip stamp  instead of the .155 ip

the ptr record for mail shows that it is resolved to xx.xx.xx.155

Any ideas why this is?

Everyone's tags (5)
5 REPLIES
Community Member

Re: email issues on UC520

Your configuration looks fine. Is it possible that aol, rr and other domains use a different port number to communicate? Since you have a dedicated IP address for the email server, can you use static nat for ip address (instead of port #)?

-Saurabh

Community Member

Re: email issues on UC520

Hi Saurabh,

Another observation: all the incoming connections are fine, however, all the outbound connections from all the servers (inc the mail server) are going out from xx.xx.xx.154 address (uc520).

I would like it to be setup where the outbound from each server goes out from the specified ip address.

For example,

We set up this translation:

Incoming: xx.xx.xx.155 -> 192.168.1.13 through ports 25,80,443,21 using the nat translation commands.

We have observed that the outbound connections from 192.168.1.13 are not going out through xx.xx.xx.155! Instead it shows going out from xx.xx.xx.154

Here, i would like to have the outbound from the mail server go out only through xx.xx.xx.154

Is there a similar translation to direct outbound traffic through the sepcified public address?

Will the static nat you mentioned take care of it?

Thanks!

Community Member

Re: email issues on UC520

What you've described, should set the NAT translations such that unique internal ipaddress/port# is tied to an external ipaddress/port#. Can you perform the following?

a) delete the static entries from UC 500 config

b) clear nat translations by executing "clear ip nat translation *"

c) reconfigure the static entries on UC 500

d) capture an output of "show ip nat translations"

Can you also provide version and configuration from the UC 500.

Thanks,
Saurabh

Community Member

Re: email issues on UC520

Hi Saurabh,

I used a static nat translation and then used an accesslist for allowing only certain ports open for communication. Its been working ok so far but will let you know if i run into issuesagain.

Thanks for the help!

Community Member

Re: email issues on UC520

another observation:

when i do a nslookup, i get the following:


> xx.xx.xx.154
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

*** vnsc-bak.sys.gtei.net can't find xx.xx.xx.154: Server failed


> xx.xx.xx.155
Server:  vnsc-bak.sys.gtei.net
Address:  4.2.2.2

*** vnsc-bak.sys.gtei.net can't find xx.xx.xx.155: Server failed


Any ideas what is causing this?

1472
Views
0
Helpful
5
Replies
CreatePlease to create content