06-29-2004 04:49 AM - edited 03-02-2019 04:42 PM
I have cisco routers connecting my LAN to remote sites and to the
internet. I use Network address translation to connect to the internet. I
have now set up a mail server using microsoft exchange 5.5. I have
registered a domain with an isp and i am using the ISP's DNS to resolve my
ip address. I am able to send and receive mail within my wide area
network and i am also able to send e-mail past the NAT port to the
internet. But iam unable to receive mail from the internet. So what can I do so
that i am able to receive mail. I have given my mail server a static
NAT ip. My ISP has already set up th MX record which has the public IP address of
my mail server. Below is the configuration file of my NAT router.
Thanks in advance
=========================================================================
User Access Verification
Password:
Cisco_2611_IT>en
Password:
Cisco_2611_IT#sh conf
Using 3118 out of 29688 bytes
!
version 12.0
service config
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco_2611_IT
!
ip subnet-zero
ip host salima 192.168.112.99
ip host Limbe 192.168.10.26
ip host BlantyrePayPoint 192.168.10.1
ip host MaselemaPayPoint 192.168.10.5
ip host LimbePayPoint 192.168.10.25
ip host Blantyre 192.168.10.2
ip host Zomba 192.168.10.22
ip host Mzuzu 192.168.30.30
ip host mangochi 192.168.30.22
ip host LilongweOldTown 192.168.10.14
ip host LilongweCityCentre 192.168.10.18
ip host Maselema 192.168.10.6
!
!
!
interface Ethernet0/0
ip address 192.168.100.207 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0/0
description Connecting MTL Head Office(Maselema)
bandwidth 64
ip address 192.168.30.6 255.255.255.252
ip directed-broadcast
ip nat inside
no ip mroute-cache
!
interface Ethernet0/1
ip address 192.168.240.1 255.255.255.0
no ip directed-broadcast
ip nat inside
bridge-group 1
!
interface Serial0/1
description Connecting Salima Customer Care Centre
ip address 192.168.30.9 255.255.255.252
no ip directed-broadcast
ip nat inside
no cdp enable
!
interface Serial1/0
description Connecting Ntcheu CCC
ip address 192.168.40.6 255.255.255.0
no ip directed-broadcast
ip nat inside
no cdp enable
!
interface Serial1/1
description Connecting Kasungu CCC
ip address 192.168.10.16 255.255.255.0
no ip directed-broadcast
ip nat inside
no cdp enable
!
interface Serial1/2
description Connecting Leland Internet Gateway
ip address 10.10.10.2 255.255.255.0
no ip directed-broadcast
ip nat outside
no cdp enable
!
interface Serial1/3
description Connecting Ngabu CCC
ip address 192.168.40.11 255.255.255.0
no ip directed-broadcast
ip nat inside
no cdp enable
!
router rip
version 2
no validate-update-source
redistribute connected
network 10.0.0.0
network 62.0.0.0
network 128.1.0.0
network 192.168.10.0
network 192.168.30.0
network 192.168.40.0
network 192.168.100.0
network 192.168.113.0
network 192.168.116.0
network 192.168.117.0
network 192.168.240.0
neighbor 10.10.10.1
!
ip nat pool Internet_Access 62.192.143.65 62.192.143.65 netmask 255.255.255.248
ip nat inside source list 101 pool Internet_Access overload
ip nat inside source static 128.1.0.1 X.X.X.X
ip nat inside source static 192.168.100.8 X.X.X.X
ip nat inside source static 192.168.100.254 X.X.X.X
ip nat inside source static 192.168.100.10 X.X.X.X
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community public RO
bridge 1 protocol dec
banner motd ^C
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
password
login
!
end
Cisco_2611_IT#
================
06-29-2004 06:09 AM
Hello,
as far as I can see, you do not have a matching access list 101 as defined in your 'ip nat inside source statement'. Can you try and add the following to your configuration:
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 192.168.240.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.4 0.0.0.3 any
access-list 101 permit ip 192.168.30.8 0.0.0.3 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.40.0 0.0.0.255 any
and see if it works then...
Regards,
GP
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide