10-18-2012 10:49 PM
I need to understand what this command does. It was on a router that I've just taken over and I'm familiar with this part of the command.
ip nat inside source static tcp 192.168.5.201 25 203.161.81.22 25 route-map mail_192.168.7 extendable
The reason I'm asking is that the client has a scanner that sends scanned documents via SMTP to an offsite mail server, which in turn sends the mail to the user. Prior to this they were using an in-house mail server (.201). What is happening is that mail from users can go out and reach its destination. However, any scanned mail does not, and I'm trying to figure out why. The scanner has an internal IP of 192.168.5.25; 192.168.5.201 was a mail server that was running, and this command seems to me to be allowing mail from the mail server (.201) to be sent to another location via a VPN tunnel to our other office. What I'm trying to figure out is whether the command is stating that mail from .201 can go to the 192.168.7 network via the 203.161.81.22 port 25 route. If this is true, will that stop mail from any other device from going out via 203.161.81.22 on port 25?
10-19-2012 09:10 AM
As you know, to make NAT ports on a Cisco router, add a line for each of them, such as:
ip nat inside source static tcp 192.168.5.201 25 X.X.X.X 25 route-map extendable
Here we are "NATing" port 25 to the machine 192.168.5.201 in our network, where X.X.X.X is our public IP.
Having said that, here I explain what each command does:
access-list 112 deny ip host 192.168.5.201 192.168.1.0 0.0.0.255
access-list 112 deny ip host 192.168.5.201 192.168.7.0 0.0.0.255
access-list 112 permit ip any any
--> Here you are creating an access list that denies the IP 192.168.5.201 going to 192.168.1.0 and 192.168.7.0.
route-map mail_192.168.7 permit 10
match ip address 112
--> Here you are creating a "rule" in order to match the access list that you created.
ip nat inside source static tcp 192.168.5.201 25 203.161.81.22 25 route-map mail_192.168.7 extendable
--> And here you are mapping the IP 192.168.5.201 with port 25 (SMTP) that goes outside with the IP 203.161.81.22 with port 25 (SMTP), and having a match with the route-map.
Best regards and have a nice day
Johnnatan Rodriguez Miranda
If this answer was satisfactory for you, please mark the question as Answered.
Thank you
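A simplified model of the three configuration pieces explained in the answer above, added here as an example and not code from either participant: it evaluates ACL 112 and the route-map condition for a packet going from inside to outside. The function names, the sample destinations and the ephemeral port are assumptions, and the router's other NAT rules are not modelled.

```python
import ipaddress

# ACL 112 as posted in the thread: (action, source, src wildcard, dest, dst wildcard)
# "host X" is X with wildcard 0.0.0.0; "any" is 0.0.0.0 with wildcard 255.255.255.255.
ACL_112 = [
    ("deny", "192.168.5.201", "0.0.0.0", "192.168.1.0", "0.0.0.255"),
    ("deny", "192.168.5.201", "0.0.0.0", "192.168.7.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]
# The static entry from the thread: inside local ip:port -> inside global ip:port
STATIC = {"local": ("192.168.5.201", 25), "global": ("203.161.81.22", 25)}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

def translate(src, sport, dst):
    """Source (ip, port) after this one static entry is considered."""
    if (src, sport) != STATIC["local"]:
        return (src, sport)   # entry belongs to another host/port: not applicable
    if not acl_permits(ACL_112, src, dst):
        return (src, sport)   # route-map does not match: packet leaves untranslated
    return STATIC["global"]

if __name__ == "__main__":
    # Constructed sample packets (destinations and ephemeral port are made up)
    for pkt in [("192.168.5.201", 25, "198.51.100.10"),
                ("192.168.5.201", 25, "192.168.7.40"),
                ("192.168.5.25", 40000, "198.51.100.10")]:
        print(pkt, "->", translate(*pkt))
```

The scanner at 192.168.5.25 never matches this static entry, so whether its mail leaves via 203.161.81.22 depends on the router's other NAT rules, which the thread does not show.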
10-18-2012 10:57 PM
Sorry forgot to add the other bits:
route-map mail_192.168.7 permit 10
match ip address 112
access-list 112 deny ip host 192.168.5.201 192.168.1.0 0.0.0.255
access-list 112 deny ip host 192.168.5.201 192.168.7.0 0.0.0.255
access-list 112 permit ip any any
10-19-2012 09:40 PM
Beautifully explained and I understand it as I thought it may have been what you've stated. Thanks for clearing that up...