IP Porting on a Cisco 2500

nanohurtz
Level 1

I've just recently inherited an undocumented network (*.vfde.org) after a recent blackout with the company. Talk about a two-for-one special.

The clients have not been able to receive email from external sources for about a week after a recent NIC burnout from the PDC, which also serves as their mail exchange server. The Exchange server originally had 2 NIC cards (multihomed) behind ISA.

Router: 141.151.33.1

NIC #1 "External" IP 141.151.33.2

NIC #2 "Internal" IP 192.168.0.1

Named Server by the way is 192.168.0.68

The External NIC card was fried due to an electrical storm and a new server IP address was assigned to the single card.

NIC #1 "Internal/External" IP 192.168.0.2

Our registrar is NetworkSolutions and the DNS entry there is

NS1.MYDOMAIN.COM

NS2.MYDOMAIN.COM

Over at Mydomain.com we have URL and Mail forwarding turned off, but have the following MX/A Configuration:

MX: mail.vcfde.org

A: 192.168.0.2 (The exchange server IP)

We still had no luck receiving email...

Now, I was recently told that this IP may need to be forwarded through port 25 in our Cisco 2501. I just need to know if my configuration thus far is correct, and if IP forwarding is required, how would I go about changing it via command line on my router? Any help is greatly appreciated.

3 Replies

Hello,

Can you post the configuration?

Regards,

Georg

Here's the Router Configuration (as per ConfigMaker2.6). Hope this helps. I have a funny feeling it may have something to do with the static NAT; I yield to the experts on this:

!

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname Router

!

enable password

!

ip name-server 141.151.0.68

!

ip subnet-zero

ip domain-lookup

ip routing

!

interface Ethernet 0

no shutdown

description connected to EthernetLAN

ip address 192.168.0.6 255.255.255.128

ip helper-address 192.168.0.1

no ip directed-broadcast

ip nat inside

keepalive 10

!

interface Serial 0

no shutdown

description connected to Internet

ip address 141.151.50.190 255.255.255.252

no ip directed-broadcast

ip nat outside

encapsulation hdlc

!

interface Serial 1

no shutdown

description connected to UnknownDevice

ip address 192.168.1.1 255.255.255.252

no ip directed-broadcast

ip nat inside

encapsulation hdlc

!

! Access Control List 1

!

no access-list 1

access-list 1 permit 192.168.0.0 0.0.0.127

access-list 1 permit 192.168.1.0 0.0.0.3

access-list 1 permit 192.168.0.128 0.0.0.15

!

! Static NAT

!

ip nat inside source static 192.168.0.112 141.151.33.3

ip nat inside source static 192.168.0.6 141.151.33.1

ip nat inside source static 192.168.0.1 141.151.33.2

ip nat inside source static 192.168.0.8 141.151.33.6

ip nat inside source static 192.168.0.12 141.151.33.12

ip nat inside source static 192.168.0.7 141.151.33.5

ip nat inside source static 192.168.0.14 141.151.33.7

ip nat inside source static 192.168.0.16 141.151.33.8

ip nat inside source static 192.168.0.130 141.151.33.9

ip nat inside source static 192.168.0.10 141.151.33.11

!

! Dynamic NAT

!

ip nat translation timeout 86400

ip nat translation tcp-timeout 86400

ip nat translation udp-timeout 300

ip nat translation dns-timeout 60

ip nat translation finrst-timeout 60

ip nat pool Router-natpool-0 141.151.33.13 141.151.33.14 netmask 255.255.255.240

ip nat inside source list 1 pool Router-natpool-0 overload

!

router rip

version 2

network 192.168.0.0

network 192.168.1.0

passive-interface Serial 0

no auto-summary

!

!

ip classless

!

! IP Static Routes

ip route 0.0.0.0 0.0.0.0 Serial 0

no ip http server

snmp-server community public RO

no snmp-server location

no snmp-server contact

ip forward-protocol udp 135

!

line console 0

exec-timeout 0 0

password

login

transport input none

!

line vty 0 4

password

login

!

end
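
Added example, not part of the thread and not any poster's code: a small Python check that parses the static NAT lines from the configuration posted above and tests whether the mail server's current address from the question (192.168.0.2) has a translation, and whether the published A record is an address outside hosts can reach. The function names and the handling of the `static tcp|udp ... port` form are assumptions of this example.

```python
import ipaddress
import re

# Static NAT lines copied from the router configuration posted above.
CONFIG = """\
ip nat inside source static 192.168.0.112 141.151.33.3
ip nat inside source static 192.168.0.6 141.151.33.1
ip nat inside source static 192.168.0.1 141.151.33.2
ip nat inside source static 192.168.0.8 141.151.33.6
ip nat inside source static 192.168.0.12 141.151.33.12
ip nat inside source static 192.168.0.7 141.151.33.5
ip nat inside source static 192.168.0.14 141.151.33.7
ip nat inside source static 192.168.0.16 141.151.33.8
ip nat inside source static 192.168.0.130 141.151.33.9
ip nat inside source static 192.168.0.10 141.151.33.11
"""

# Matches "static <local> <global>" and "static tcp|udp <local> <port> <global> <port>".
STATIC_NAT = re.compile(
    r"^ip nat inside source static(?: (?:tcp|udp))? (?P<local>[\d.]+)"
    r"(?: (?P<lport>\d+))? (?P<glob>[\d.]+)(?: \d+)?\s*$", re.M)


def static_nat_map(config):
    """Return {(inside_local_ip, port or None): inside_global_ip}."""
    table = {}
    for m in STATIC_NAT.finditer(config):
        port = int(m["lport"]) if m["lport"] else None
        table[(m["local"], port)] = m["glob"]
    return table


def audit_inbound(config, server_ip, a_record, port=25):
    """Return reasons an outside host cannot reach server_ip:port via a_record."""
    findings = []
    table = static_nat_map(config)
    public = table.get((server_ip, port)) or table.get((server_ip, None))
    if ipaddress.ip_address(a_record).is_private:
        findings.append(f"A record {a_record} is a private address")
    if public is None:
        findings.append(f"no static NAT entry for inside host {server_ip}")
    elif a_record != public:
        findings.append(f"A record {a_record} != NAT global address {public}")
    return findings


if __name__ == "__main__":
    # Values from the question: server now at 192.168.0.2, A record 192.168.0.2.
    for finding in audit_inbound(CONFIG, "192.168.0.2", "192.168.0.2"):
        print(finding)
```
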

Hello,

Are all your clients on the 192.168.0.0/25 network? And all your servers (including the one they cannot reach) on addresses starting with 141? Looking at the config, I would simplify it as follows:

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname Router

!

enable password

!

ip name-server 141.151.0.68

!

ip subnet-zero

ip domain-lookup

ip routing

!

interface Ethernet 0

no shutdown

description connected to EthernetLAN

ip address 192.168.0.6 255.255.255.128

ip helper-address 192.168.0.1

no ip directed-broadcast

ip nat inside

keepalive 10

!

interface Serial 0

no shutdown

description connected to Internet

ip address 141.x.x.x.x.255.252

no ip directed-broadcast

ip nat outside

encapsulation hdlc

!

interface Serial 1

no shutdown

description connected to UnknownDevice

ip address 192.168.1.1 255.255.255.252

no ip directed-broadcast

encapsulation hdlc

!

! Access Control List 1

!

access-list 1 permit 192.168.0.0 0.0.0.127

!

ip nat translation timeout 86400

ip nat translation tcp-timeout 86400

ip nat translation udp-timeout 300

ip nat translation dns-timeout 60

ip nat translation finrst-timeout 60

!

ip nat inside source list 1 interface serial0 overload

!

router rip

version 2

network 192.168.0.0

network 192.168.1.0

passive-interface Serial 0

no auto-summary

!

!

ip classless

!

! IP Static Routes

ip route 0.0.0.0 0.0.0.0 Serial 0

no ip http server

snmp-server community public RO

no snmp-server location

no snmp-server contact

ip forward-protocol udp 135

ip forward-protocol udp 68

!

line console 0

exec-timeout 0 0

password

login

transport input none

!

line vty 0 4

password

login

!

end

I have taken all the static and dynamic NAT stuff out and added ip forward-protocol udp 68, which is the bootpc port for your DHCP clients...

Check if this works any better, if not, let me know.

Regards,

Georg