Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
1
Replies

HELP Need assistance with NAT and PAT for SMTP

tyoungbauer
Level 1
Level 1

‎06-21-2007 08:44 AM - edited ‎03-11-2019 03:33 AM

Posted by: tyoungbauer@t-llc.com - CTO, Transcendent, LLC - Jun 21, 2007, 9:20am PST

I have an emergecy where I need to use the router for NAT and PAT. It is short term until we swing the firewall.

I can build nat and get out bound web surfing and ping but I need inbound email.

I cannot seem to get the PAT working

Config is below

I have a 667 vlan for the internat and the email server is on the 192 vlan. Users are on vlan 10

interface FastEthernet0/0

ip address 10.1.1.20 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex full

speed 10

no mop enabled

!

interface FastEthernet0/0.667

encapsulation dot1Q 667

ip address X.X.X.214 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

!

interface FastEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1.10

description Data Vlan

encapsulation dot1Q 10

ip address 172.20.10.254 255.255.255.0

ip helper-address 192.168.1.10

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

no cdp enable

!

interface FastEthernet0/1.11

description Voice Vlan

encapsulation dot1Q 11

ip address 172.20.11.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no cdp enable

!

interface FastEthernet0/1.192

encapsulation dot1Q 192

ip address 192.168.1.254 255.255.255.0

ip helper-address 192.168.1.10

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

no cdp enable

!

interface FastEthernet0/1.254

encapsulation dot1Q 254

ip address 172.20.254.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no cdp enable

!

router eigrp 101

network 172.21.0.0

network 172.22.0.0

auto-summary

!

ip route 0.0.0.0 0.0.0.0 66.162.50.213

ip route 172.21.0.0 255.255.0.0 10.1.1.21

ip route 172.22.0.0 255.255.0.0 10.1.1.22

!

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip nat pool TGO-MSP X.X.X.214 X.X.X.214 netmask 255.255.255.252

ip nat inside source list 101 pool TGO-MSP overload

ip nat inside source static tcp 192.168.1.10 25 X.X.X.214 25 extendable

!

access-list 101 permit ip any any log

access-list 102 permit tcp any host X.X.X.214 eq smtp

!

Labels:
0 Helpful
1 Reply 1

gaetan.allart
Level 1
Level 1

‎06-25-2007 02:47 AM

For incoming trafic, you cannot use Nat/Pat.

You need to use static translations :

static (inside,outside) tcp 25 25 netmask 255.255.255.255

Regards,

Gaetan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card