Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

837 newb config questions

Hi,

I'm trying to set up an 837. I have it working and can browse out to the internet. I'm having problems with incoming SMTP connections (fail;) and access from a specific site. The config is attached.

Not only does the smtp incoming fail but when I enter an access-list such as

access-list 111 permit ip 192.168.54.229 10.1.1.1 any

it appears ok, but when I save and show the running-config the ip isn't the same. ???!!?

TIA for any help.

7 REPLIES
Community Member

Re: 837 newb config questions

Apparently Opera 9.04 and IE 7 don't work for attachemnts. What does?

Community Member

Re: 837 newb config questions

Hi,

I think you have misunderstood the syntax for access lists. If you are trying to permit traffic from 192.168.54.229 to 10.1.1.1 then your access list entry would be:

access-list 111 permit ip host 192.168.54.229 host 10.1.1.1

I'm making the assumption that this access list is applied to the right interface, that no NAT is required, etc - if this router is on the end of a generic Internet connection then you will probably need NAT as well.

When you manage to get the config to upload I'll take another look.

Foeh

Community Member

Re: 837 newb config questions

Firefox appears to work.

Community Member

Re: 837 newb config questions

Hi,

I don't know if it is possible to remove an attachment, but you should be very careful posting configs with the passwords in them!

Anything that is "level 7" encrypted (in this case, all the passwords except the enable secret) can be decrypted very easily with a wide variety of freely available tools.

Most people remove the enable secret as well when they post because that can sometimes be brute forced by a determined attacker.

Foeh

Community Member

Re: 837 newb config questions

Foeh,

Not to worry. The encrypted stuff has been "chopped up" with a text editor. Even the IPs have been changed to protect the innocent.

Dennis

Community Member

Re: 837 newb config questions

Foeh,

You're right. I now have it accepting the access-list entry as you suggested. I'm finding that the Cisco documentation is very similar to Unix docs - once you know how it works the docs make sense. ;)

I still have the smtp problem though.

Thanks for your help.

Dennis

Community Member

Re: 837 newb config questions

Hi,

If you're expecting to accept incoming SMTP from the Internet, you will need to configure up a static NAT along the lines of:

ip nat inside source static tcp 10.1.1.1 25 interface Dialer1 25

That will allow anyone from the Internet to connect to your outside address on port 25, but really be connecting to your mail server.

Your SMTP entry in the ACL will need to be altered to reflect the outside address.

Foeh

108
Views
0
Helpful
7
Replies
CreatePlease to create content