cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
319
Views
0
Helpful
2
Replies

Nat from outside ip to inside local network proplem

ahmedbarbary
Level 1
Level 1

I have cisco firewall 800 series from two week send and recieve email stop 

I make nat from 78.93.244.61 to internal local network 192.168.1.4

i take this router from isp awal net and he provide us with real ip 78.93.244.61

but when access to internet in mail server it give me test internet connection failed

i also  dont have user name or password to access this router or change any thing or control it

this is configuration of router show run

------

xxxx#sh run
Building configuration...

Current configuration : 4660 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxx
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone KSA 3
!
crypto pki trustpoint TP-self-signed-164429193
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-164429193
revocation-check none
rsakeypair TP-self-signed-164429193
!
!
dot11 syslog
!
dot11 ssid xxxx
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxx
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.11.1
!
ip dhcp pool wireless
import all
network 10.10.11.0 255.255.255.0
default-router 10.10.11.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name awalnet.net.sa
ip name-server 84.22.224.11
ip name-server 84.22.224.12
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group xxx
key xxx
dns 212.93.192.4 212.93.192.5
include-local-lan
dhcp server 10.10.10.1
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group xxx
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set security-association idle-time 60
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid xxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 78.93.244.61 255.255.255.252 secondary
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password xxxx
ppp pap sent-username xxxx.xx password xxxxx
!
interface BVI1
ip address 10.10.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.4 25 78.93.244.61 25 extendable
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 212.93.196.0 0.0.0.255
access-list 23 permit 212.93.192.0 0.0.0.255
access-list 23 permit 212.93.193.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 212.93.208.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community private RW
snmp-server community public RO
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end

------

Are this configuration is enough to send and recieve mails

or there are any thing remaining

because test internet connection to mail server is failed 

2 Replies 2

Robert Sherwin
Cisco Employee
Cisco Employee

Moving this to FW forums - as pertains more to NAT...

-Robert

ahmedbarbary
Level 1
Level 1

where this forum that you need from me to move to it

Review Cisco Networking for a $25 gift card