Solved: Re: Cisco887 IOS 15.9.3, ESMTP & SMTP Inspection

JulioGarcia · ‎12-28-2021

Greetings and Happy Holidays!

I'm implementing ipv6 on my network i had achieve connetion to all my hosts and servers on my network with ipv6 address. But dynu server can't sent mail through my server, it could connect to it but when the connection is made this error occurs:

The read operation failed. Bytes transferred: 0 ..... Code:2 Message: End of File

I have checked the windows 2012r2 firewall and apparently everything is ok there. On that same server I'm running a web server, web server has not issues having access to the Internet, everyone have access to webpage. So maybe, there is an issue with cisco's firewall, i have receive some suggestion from the mail's server software support team that it could be a smtp or esmtp inspection on cisco. So how could I configure the smtp and esmtp inspection on my cisco? please.

I'm running the latest ios, 15.9.3 on an ISR Cisco887VAG2 router. This is my configuration on my cisco router.

advipservices and advsecurity are active

Current configuration : 7780 bytes
!
! Last configuration change at 02:56:58 GMT Tue Dec 28 2021 by ITJulio
!
version 15.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AEIC887ISR
!
boot-start-marker
boot-end-marker
!
!
enable secret 9 $9$BQoBFu02VeCxlk$3pj1LSQzy3MOnEYtrxzDwlQN.vaCc2x9/frPv9nyADA
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
clock timezone GMT -6 0
!
crypto pki trustpoint TP-self-signed-979907842
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-979907842
revocation-check none
rsakeypair TP-self-signed-979907842
!
!
crypto pki certificate chain TP-self-signed-xxxxxxx
certificate self-signed 01
certificate code############
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
ip dhcp excluded-address 10.10.10.75
!
ip dhcp pool INTRANET
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.75
dns-server 10.10.10.6 1.1.1.1 1.0.0.1
lease 0 2
!
ip dhcp pool Tenda_263130
host 10.10.10.1 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool Tenda_49C048
host 10.10.10.2 255.255.255.128
client-identifier xxx.xxxx.xxx.xxx
default-router 10.10.10.75
!
ip dhcp pool ProjectorPC
host 10.10.10.3 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool WorkstationJc
host 10.10.10.4 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool LenovoK5Pro_JC
host 10.10.10.5 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool SERVER000
host 10.10.10.6 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
domain-name mydomain.com
dns-server 10.10.10.6
!
!
!
ip domain name mydomain.com
ip host mail.mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip host mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip host server000.mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip name-server 10.10.10.6
ip name-server FE80::55A0:6CF9:1655:3065
ip name-server 2606:4700:4700::1111
ip name-server 2806:109F:1A:313D:55A0:6CF9:1655:3065
ip dhcp-server 10.10.10.75
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool DHCPv6-Intranet
dns-server 2806:109F:1A:313D:55A0:6CF9:1655:3065
domain-name mydomain.com
import information refresh
!
!
!
multilink bundle-name authenticated
chat-script cdma "" "atdt#777" TIMEOUT 60 "CONNECT"
license udi pid C887VAG-S-K9 sn xxxxxxxx
!
!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
!
username username privilege 15 secret 9 secret
!
!
!
!
!
controller VDSL 0
operating mode adsl2+ annex A
sync mode itu
sra
!
controller Cellular 0
no cdp run
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description DSL_Connection
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/81
tx-ring-limit 2
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet1
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet2
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet3
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface Cellular0
no ip address
encapsulation ppp
shutdown
dialer in-band
dialer string cdma
!
interface Vlan1
ip address 10.10.10.75 255.255.255.128
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ipv6 address FE80::7E69:F6FF:FE24:45CE link-local
ipv6 address INFINITUM-PD ::/64 eui-64
ipv6 enable
ipv6 mtu 1472
ipv6 nd other-config-flag
ipv6 nd ra dns server 2806:109F:1A:313D:55A0:6CF9:1655:3065
ipv6 tcp adjust-mss 1440
ipv6 verify unicast reverse-path
ipv6 dhcp server DHCPv6-Intranet
ipv6 traffic-filter VLAN-out-ACL6 out
!
interface Dialer1
description INFINITUM_WAN
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ipv6 address FE80::7E69:F6FF:FE24:45D2 link-local
ipv6 address autoconfig default
ipv6 enable
ipv6 mtu 1472
ipv6 tcp adjust-mss 1432
ipv6 verify unicast reverse-path
ipv6 dhcp client pd INFINITUM-PD rapid-commit
ipv6 traffic-filter INTERNET-IN-ACL6 in
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password 0 mypassword
ppp pap sent-username username password 0 mypassword
!
ip default-gateway 10.10.10.75
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static udp 10.10.10.4 1802 interface Dialer1 1802
ip nat inside source static tcp 10.10.10.4 1802 interface Dialer1 1802
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended nat-list
permit icmp any any
permit ip object-group local_lan_subnets any
deny ip any any
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 route ::/0 Dialer1
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
!
!
ipv6 access-list INTERNET-IN-ACL6
permit icmp any any
sequence 320 permit tcp any any
permit udp any any
!
ipv6 access-list VLAN-out-ACL6
permit icmp any any
permit tcp any any
permit udp any any
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 3
script dialer cdma
no exec
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
event manager applet MONITOR-IPV6-DHCP-APP
event syslog pattern "DIALER-6-BIND"
action 1.0 cli command "enable"
action 1.1 cli command "clear ipv6 dhcp client Dialer 1"
action 2.0 syslog priority debugging msg "Refreshed IPv6 DHCP PD lease (Dialer rebind)"
!
end

Thanks in advaced.

Georg Pauwen · ‎12-28-2021

Hello,

there is no ESMTP/SMTP inspection in Cisco IOS, only on ASA firewalls. I cannot see anything particular in your configuration that might cause this, but take out the 'ip default gateway' line, as this can cause unwanted behavior. Also, try and disable the IPv6 access lists, and check what the results are. So in short, make the changes marked in bold:

Current configuration : 7780 bytes
!
! Last configuration change at 02:56:58 GMT Tue Dec 28 2021 by ITJulio
!
version 15.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AEIC887ISR
!
boot-start-marker
boot-end-marker
!
enable secret 9 $9$BQoBFu02VeCxlk$3pj1LSQzy3MOnEYtrxzDwlQN.vaCc2x9/frPv9nyADA
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
clock timezone GMT -6 0
!
crypto pki trustpoint TP-self-signed-979907842
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-979907842
revocation-check none
rsakeypair TP-self-signed-979907842
!
crypto pki certificate chain TP-self-signed-xxxxxxx
certificate self-signed 01
certificate code############
!
ip dhcp excluded-address 10.10.10.75
!
ip dhcp pool INTRANET
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.75
dns-server 10.10.10.6 1.1.1.1 1.0.0.1
lease 0 2
!
ip dhcp pool Tenda_263130
host 10.10.10.1 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool Tenda_49C048
host 10.10.10.2 255.255.255.128
client-identifier xxx.xxxx.xxx.xxx
default-router 10.10.10.75
!
ip dhcp pool ProjectorPC
host 10.10.10.3 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool WorkstationJc
host 10.10.10.4 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool LenovoK5Pro_JC
host 10.10.10.5 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool SERVER000
host 10.10.10.6 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
domain-name mydomain.com
dns-server 10.10.10.6
!
ip domain name mydomain.com
ip host mail.mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip host mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip host server000.mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip name-server 10.10.10.6
ip name-server FE80::55A0:6CF9:1655:3065
ip name-server 2606:4700:4700::1111
ip name-server 2806:109F:1A:313D:55A0:6CF9:1655:3065
ip dhcp-server 10.10.10.75
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool DHCPv6-Intranet
dns-server 2806:109F:1A:313D:55A0:6CF9:1655:3065
domain-name mydomain.com
import information refresh
!
multilink bundle-name authenticated
chat-script cdma "" "atdt#777" TIMEOUT 60 "CONNECT"
license udi pid C887VAG-S-K9 sn xxxxxxxx
!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
!
username username privilege 15 secret 9 secret
!
controller VDSL 0
operating mode adsl2+ annex A
sync mode itu
sra
!
controller Cellular 0
no cdp run
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description DSL_Connection
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/81
tx-ring-limit 2
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
interface FastEthernet0
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet1
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet2
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet3
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface Cellular0
no ip address
encapsulation ppp
shutdown
dialer in-band
dialer string cdma
!
interface Vlan1
ip address 10.10.10.75 255.255.255.128
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ipv6 address FE80::7E69:F6FF:FE24:45CE link-local
ipv6 address INFINITUM-PD ::/64 eui-64
ipv6 enable
ipv6 mtu 1472
ipv6 nd other-config-flag
ipv6 nd ra dns server 2806:109F:1A:313D:55A0:6CF9:1655:3065
ipv6 tcp adjust-mss 1440
ipv6 verify unicast reverse-path
no ipv6 dhcp server DHCPv6-Intranet
--> no ipv6 traffic-filter VLAN-out-ACL6 out
!
interface Dialer1
description INFINITUM_WAN
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ipv6 address FE80::7E69:F6FF:FE24:45D2 link-local
ipv6 address autoconfig default
ipv6 enable
ipv6 mtu 1472
ipv6 tcp adjust-mss 1432
ipv6 verify unicast reverse-path
ipv6 dhcp client pd INFINITUM-PD rapid-commit
--> no ipv6 traffic-filter INTERNET-IN-ACL6 in
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password 0 mypassword
ppp pap sent-username username password 0 mypassword
!
--> no ip default-gateway 10.10.10.75
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static udp 10.10.10.4 1802 interface Dialer1 1802
ip nat inside source static tcp 10.10.10.4 1802 interface Dialer1 1802
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended nat-list
permit icmp any any
permit ip object-group local_lan_subnets any
deny ip any any
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 route ::/0 Dialer1
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
ipv6 access-list INTERNET-IN-ACL6
permit icmp any any
sequence 320 permit tcp any any
permit udp any any
!
ipv6 access-list VLAN-out-ACL6
permit icmp any any
permit tcp any any
permit udp any any
!
control-plane
!
line con 0
no modem enable
line aux 0
line 3
script dialer cdma
no exec
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
event manager applet MONITOR-IPV6-DHCP-APP
event syslog pattern "DIALER-6-BIND"
action 1.0 cli command "enable"
action 1.1 cli command "clear ipv6 dhcp client Dialer 1"
action 2.0 syslog priority debugging msg "Refreshed IPv6 DHCP PD lease (Dialer rebind)"
!
end

View solution in original post

Georg Pauwen · ‎12-28-2021

Hello,

there is no ESMTP/SMTP inspection in Cisco IOS, only on ASA firewalls. I cannot see anything particular in your configuration that might cause this, but take out the 'ip default gateway' line, as this can cause unwanted behavior. Also, try and disable the IPv6 access lists, and check what the results are. So in short, make the changes marked in bold:

Current configuration : 7780 bytes
!
! Last configuration change at 02:56:58 GMT Tue Dec 28 2021 by ITJulio
!
version 15.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AEIC887ISR
!
boot-start-marker
boot-end-marker
!
enable secret 9 $9$BQoBFu02VeCxlk$3pj1LSQzy3MOnEYtrxzDwlQN.vaCc2x9/frPv9nyADA
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
clock timezone GMT -6 0
!
crypto pki trustpoint TP-self-signed-979907842
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-979907842
revocation-check none
rsakeypair TP-self-signed-979907842
!
crypto pki certificate chain TP-self-signed-xxxxxxx
certificate self-signed 01
certificate code############
!
ip dhcp excluded-address 10.10.10.75
!
ip dhcp pool INTRANET
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.75
dns-server 10.10.10.6 1.1.1.1 1.0.0.1
lease 0 2
!
ip dhcp pool Tenda_263130
host 10.10.10.1 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool Tenda_49C048
host 10.10.10.2 255.255.255.128
client-identifier xxx.xxxx.xxx.xxx
default-router 10.10.10.75
!
ip dhcp pool ProjectorPC
host 10.10.10.3 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool WorkstationJc
host 10.10.10.4 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool LenovoK5Pro_JC
host 10.10.10.5 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
!
ip dhcp pool SERVER000
host 10.10.10.6 255.255.255.128
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.10.10.75
domain-name mydomain.com
dns-server 10.10.10.6
!
ip domain name mydomain.com
ip host mail.mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip host mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip host server000.mydomain.com 10.10.10.6 2806:109F:1A:313D:55A0:6CF9:1655:3065 FE80::55A0:6CF9:1655:3065
ip name-server 10.10.10.6
ip name-server FE80::55A0:6CF9:1655:3065
ip name-server 2606:4700:4700::1111
ip name-server 2806:109F:1A:313D:55A0:6CF9:1655:3065
ip dhcp-server 10.10.10.75
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool DHCPv6-Intranet
dns-server 2806:109F:1A:313D:55A0:6CF9:1655:3065
domain-name mydomain.com
import information refresh
!
multilink bundle-name authenticated
chat-script cdma "" "atdt#777" TIMEOUT 60 "CONNECT"
license udi pid C887VAG-S-K9 sn xxxxxxxx
!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
!
username username privilege 15 secret 9 secret
!
controller VDSL 0
operating mode adsl2+ annex A
sync mode itu
sra
!
controller Cellular 0
no cdp run
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description DSL_Connection
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/81
tx-ring-limit 2
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
interface FastEthernet0
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet1
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet2
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet3
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
!
interface Cellular0
no ip address
encapsulation ppp
shutdown
dialer in-band
dialer string cdma
!
interface Vlan1
ip address 10.10.10.75 255.255.255.128
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ipv6 address FE80::7E69:F6FF:FE24:45CE link-local
ipv6 address INFINITUM-PD ::/64 eui-64
ipv6 enable
ipv6 mtu 1472
ipv6 nd other-config-flag
ipv6 nd ra dns server 2806:109F:1A:313D:55A0:6CF9:1655:3065
ipv6 tcp adjust-mss 1440
ipv6 verify unicast reverse-path
no ipv6 dhcp server DHCPv6-Intranet
--> no ipv6 traffic-filter VLAN-out-ACL6 out
!
interface Dialer1
description INFINITUM_WAN
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ipv6 address FE80::7E69:F6FF:FE24:45D2 link-local
ipv6 address autoconfig default
ipv6 enable
ipv6 mtu 1472
ipv6 tcp adjust-mss 1432
ipv6 verify unicast reverse-path
ipv6 dhcp client pd INFINITUM-PD rapid-commit
--> no ipv6 traffic-filter INTERNET-IN-ACL6 in
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password 0 mypassword
ppp pap sent-username username password 0 mypassword
!
--> no ip default-gateway 10.10.10.75
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static udp 10.10.10.4 1802 interface Dialer1 1802
ip nat inside source static tcp 10.10.10.4 1802 interface Dialer1 1802
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended nat-list
permit icmp any any
permit ip object-group local_lan_subnets any
deny ip any any
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 route ::/0 Dialer1
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
ipv6 access-list INTERNET-IN-ACL6
permit icmp any any
sequence 320 permit tcp any any
permit udp any any
!
ipv6 access-list VLAN-out-ACL6
permit icmp any any
permit tcp any any
permit udp any any
!
control-plane
!
line con 0
no modem enable
line aux 0
line 3
script dialer cdma
no exec
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
event manager applet MONITOR-IPV6-DHCP-APP
event syslog pattern "DIALER-6-BIND"
action 1.0 cli command "enable"
action 1.1 cli command "clear ipv6 dhcp client Dialer 1"
action 2.0 syslog priority debugging msg "Refreshed IPv6 DHCP PD lease (Dialer rebind)"
!
end

JulioGarcia · ‎12-28-2021

same result

Georg Pauwen · ‎12-29-2021

Hello,

so the DYNU server is running on a Windows 2012 server ? I was kind of expecting that the Cisco router is not the problem. I guess you are using standard SMTP and POP3 ports (25 and 110) for DYNU ?

Do you have any Antivirus software running on the Windows machine ?

EDIT: what is the remote machine you are trying to send mail to/from ?

JulioGarcia · ‎12-29-2021

Greetings!

Dynu is for store/forward email. dynu server is not mine. My email server resides on a win2012r2, with ipv6 address. Also win Firewalls is down. Because ISP blocks inbound 25 port, dynu receive on that port for me and then it send it to my server via a custom port. Ports I use 26 (for test purposes only), 465 and 587. But on all ports is the same error. On the console log of the hmailserver server I can see that after 220 Welcome message, when the connection have been made dynu server disconnects and throws that error

JulioGarcia · ‎01-06-2022

here is the order, suppose that an outlook user sent me a mail, this is the route the mail is going to travel:

Outlook server (port 25) ---> (25 in) store1.dynu.com (465, 587 out) ---> (465, 587) My mail server.

* With dynu store/forward service you could configure whatever port you could open to mount the mail server.

An here is the log from my hmailserver app.

"TCPIP" 468 "2022-01-06 02:46:39.290" "TCP - 2600:c05:3010:8888::29 connected to 2806:109f:1a:ffb9:55a0:6cf9:1655:3065:2525."
"DEBUG" 468 "2022-01-06 02:46:39.290" "TCP connection started for session 23"
"SMTPD" 468 23 "2022-01-06 02:46:39.290" "2600:c05:3010:8888::29" "SENT: 220 Welcome to AEIKS services"
"DEBUG" 468 "2022-01-06 02:46:39.290" "The read operation failed. Bytes transferred: 0 Remote IP: 2600:c05:3010:8888::29, Session: 23, Code: 2, Message: End of file"
"DEBUG" 468 "2022-01-06 02:46:39.290" "Ending session 23"
"DEBUG" 1320 "2022-01-06 02:47:23.446" "Creating session 136"

2600:c05:3010:8888::29 ---> dynu server

2806:109f:1a:ffb9:55a0:6cf9:1655:3065:2525 ---> my server, using testing port 2525 for communication

Open port on my server for mail communication 25*, 465, 587

25 por is closed by ISP, that's why I'm using dynu. With a public ipv4 there wasn't an issue, but with ipv6 this is the issue, only on the mail server. FTP, DNS, and Web Server are running withour issues. Mail server can be contacted, and dynu connects but something happens, that the server issue and RSET command and connection closes.

Thanks in advanced.

JulioGarcia · ‎01-31-2022

Thanks, sorry for being late, but certainly there is no ESMTP inspection enabled by default on the IOS configuration. Thank you Mr. Georg Pauwen.