Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT to mail server not working.

Hi There

I am trying to set up one of my cisco routers to NAT  to my mail server but my client con not connect and I cant see what i'm missing.

Any help appreciated.

Here is my config:-

service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router101.4
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username gkonheiser password 7 xxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
!
!
ip name-server 62.2.17.60
ip name-server 62.2.24.162
!
!
controller E1 1/0
!
!
!
interface FastEthernet0/0
description WAN
ip address 62.xxx.xxx.xxx 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.xxx.223 255.255.255.0
ip nat inside
speed 100
full-duplex
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.xxx.xxx 62.xxx.xxx.xxx
ip nat inside source static tcp 192.168.xxx.21 25 62.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.xxx.21 443 62.xxx.xxx.xxx 443 extendable
ip nat inside source static tcp 192.168.xxx.21 80 62.xxx.xxx.xxx 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 62.xxx.xxx.xxx
no ip http server
ip pim bidir-enable
!
!
access-list 1 remark Internet access list
access-list 1 permit 192.168.xxx.0 0.0.0.255
access-list 1 remark Internet access list
access-list 1 remark Internet access list
!
line con 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxx
login local
line vty 5 15
password 7 xxxxxxxxxxxxxxxxxxxxx
login local
!
!
end

Everyone's tags (5)
2 REPLIES

Re: NAT to mail server not working.

Re-write the nat overload access-list to deny the internal mail server IP address, ie


access-list 1 remark Internet access list

access-list 1 deny 192.168.xxx.21
access-list 1 permit 192.168.xxx.0 0.0.0.255

The above wille exempt the mail server from the dynamic nat, and allow the static to override.

Normally static overides dynamic - but it's worth a try!!

New Member

Re: NAT to mail server not working.

Hi Andrew

Thanks for your help.I solved the problem yesterday. It was due to a STUPID over sight on my behalf.

Gordon

883
Views
3
Helpful
2
Replies