Cisco Support Community

Upgraded IOS- -Cannot route SMTP via NAT

I was wondering if someone can lend a hand with this issue. I have upgraded my IOS and cannot for the life of me get SMTP to route to my internal server. I upgraded from c831-k9o3y6-mz.123-2.XC2.bin to c831-k9o3sy6-mz.123-4.T7.bin. Here are my specifics:

IOS (tm) C831 Software (C831-K9O3Y6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(1.6)T
ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
ROM: C831 Software (C831-K9O3Y6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
System image file is "flash:c831-k9o3y6-mz.123-2.XC2.bin"

running-config

!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco831
!
no logging buffered
enable secret xxx
!
username xxx password xxx
no aaa new-model
ip subnet-zero
ip name-server 64.XXX.XXX.8
ip name-server 206.XXX.XXX.12
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.11
ip dhcp excluded-address 192.168.0.10
!
ip dhcp pool CLIENT
 import all
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.255.0
 ip address 192.168.0.1 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 ip address 63.XXX.XXX.114 255.255.255.252
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 no ip mroute-cache
 duplex auto
 no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.0.40 25 interface Ethernet1 25
ip nat inside source static tcp 192.168.0.40 110 interface Ethernet1 110
ip nat inside source static tcp 192.168.0.40 21 interface Ethernet1 21
ip nat inside source static tcp 192.168.0.40 80 interface Ethernet1 80
ip classless
ip route 0.0.0.0 0.0.0.0 63.XXX.XXX.113
ip http server
no ip http secure-server
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq pop3
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
no cdp run
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end

1 REPLY

Re: Upgraded IOS- -Cannot route SMTP via NAT

So you mean to say no config changes were made before or after the upgrade (just that the IOS has changed)? Can you remove the IP Inspect command from Ethernet interface 1 and see if you are able to send/receive mail?

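An added example, not part of the original thread: a Python cross-check of the posted configuration that lists, for each static port forward on Ethernet1, whether the inbound ACL permits it and whether the inspect set applied on that interface has an application rule for it. This shows which forwarded services are touched by the test the reply proposes. The excerpt is constructed from the post's config; `audit`, `ACL_PORTS` and `INSPECT_APPS` are names assumed for this example.

```python
import re

# Constructed excerpt: the lines of the posted running-config that matter here.
CONFIG = """\
ip inspect name myfw ftp timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tcp timeout 3600
interface Ethernet1
 ip access-group 111 in
 ip inspect myfw out
ip nat inside source static tcp 192.168.0.40 25 interface Ethernet1 25
ip nat inside source static tcp 192.168.0.40 110 interface Ethernet1 110
ip nat inside source static tcp 192.168.0.40 21 interface Ethernet1 21
ip nat inside source static tcp 192.168.0.40 80 interface Ethernet1 80
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq pop3
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
"""
ACL_PORTS = {"smtp": 25, "pop3": 110, "ftp": 21, "www": 80}  # ACL keywords in the post
INSPECT_APPS = {25: "smtp", 21: "ftp"}  # application inspect rules in the post

def audit(config):
    """Return (public_port, inside_host, acl_permits, app_inspected) per static forward."""
    iface, acl_in, inspect_on = None, {}, {}
    rules, permits, forwards = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            iface = None  # a top-level command ends the interface block
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif iface and (m := re.match(r"ip access-group (\d+) in$", line)):
            acl_in[iface] = m[1]
        elif iface and (m := re.match(r"ip inspect (\S+) (?:in|out)$", line)):
            inspect_on[iface] = m[1]
        elif m := re.match(r"ip inspect name (\S+) (\S+)", line):
            rules.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"access-list (\d+) permit tcp any any eq (\S+)", line):
            port = ACL_PORTS.get(m[2], int(m[2]) if m[2].isdigit() else None)
            permits.setdefault(m[1], set()).add(port)
        elif m := re.match(r"ip nat inside source static tcp (\S+) \d+ interface (\S+) (\d+)", line):
            forwards.append((m[2], int(m[3]), m[1]))
    report = []
    for ifname, port, host in forwards:
        permitted = port in permits.get(acl_in.get(ifname), set())
        inspected = INSPECT_APPS.get(port) in rules.get(inspect_on.get(ifname), set())
        report.append((port, host, permitted, inspected))
    return report
```

Calling `audit(CONFIG)` returns one tuple per forwarded port; removing the ` ip inspect myfw out` line from the input and re-running shows how the result changes for the reply's test.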