09-04-2012 05:20 AM - edited 03-11-2019 04:49 PM
Hey,
In the LAN I have a mail server! No mail comes in from the Internet!
What is wrong?
object network srv-ex
host 10.104.1.9
object service mail-serv
service tcp source eq smtp destination eq smtp
nat (inside,outside) source static any any destination static srv-ex srv-ex service mail-serv mail-serv
access-list outside_access_in extended permit tcp any 10.104.1.9 255.255.255.255 eq smtp
Thanks
09-04-2012 05:25 AM
Hello Bodo,
object service mail-serv
service tcp source eq smtp destination eq smtp
Change the object to source
object service mail-serv
service tcp source eq smtp source eq smtp
Remember to rate all the helpful posts,
Julio
09-04-2012 06:20 AM
Hey,
I have changed it to:
object service mail-serv
service tcp source eq smtp
Nothing works!
09-04-2012 05:25 AM
The NAT is incorrect.
It should be:
object network srv-ex
host 10.104.1.9
nat (inside,outside) static
09-04-2012 06:22 AM
Hey,
I configured this, and then this came up:
ERROR: Address xxx.xxx.xxx.xxx overlaps with outside interface address.
ERROR: NAT Policy is not downloaded
What is that?
09-04-2012 06:23 AM
Try this:
object network srv-ex
host 10.104.1.9
object service mail-serv
service tcp destination eq 25
nat (outside,inside) source static any any destination static interface srv-ex service mail-serv mail-serv
access-list outside_access_in extended permit tcp any host 10.104.1.9 eq smtp
I am using the outside interface as the public IP for the mail server; if you have any other free IP, you can use it.
Thanks,
Varun Rao
Security Team,
Cisco TAC
09-04-2012 06:24 AM
Can you also give us the output of:
show run interface
Thanks,
Varun Rao
Security Team,
Cisco TAC
09-04-2012 06:37 AM
Internet and site-to-site VPN work with the interface!
09-04-2012 06:36 AM
Hey,
It does not work. This was the config:
object service mail-serv
service tcp destination eq smtp
object network srv-ex
host 10.104.1.9
nat (outside,inside) source static any any destination static interface srv-ex service mail-serv mail-serv
access-list outside_access_in extended permit tcp any host 10.104.1.9 eq smtp
access-group outside_access_in in interface outside
show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source dynamic any interface
translate_hits = 1058, untranslate_hits = 212
2 (inside) to (outside) source static RFC1918 RFC1918 destination static RFC1918 RFC1918 description NAT-Excempt for VPN
translate_hits = 0, untranslate_hits = 828
3 (outside) to (inside) source static any any destination static interface srv-ex service mail-serv mail-serv
translate_hits = 0, untranslate_hits = 0
When I telnet from the Internet to port 25, nothing happens!
09-04-2012 06:43 AM
Hey all,
I have moved the NAT rule from position 3 to 1 and now it works!
09-04-2012 06:45 AM
Great, it must be hitting your NAT exempt. All the best.
Thanks,
Varun Rao
Security Team,
Cisco TAC