09-24-2006 08:05 PM - edited 03-03-2019 02:06 PM
Hi,
I'm trying to set up an 837. I have it working and can browse out to the internet. I'm having problems with incoming SMTP connections (fail;) and access from a specific site. The config is attached.
Not only does the smtp incoming fail but when I enter an access-list such as
access-list 111 permit ip 192.168.54.229 10.1.1.1 any
it appears ok, but when I save and show the running-config the ip isn't the same. ???!!?
TIA for any help.
09-24-2006 08:14 PM
Apparently Opera 9.04 and IE 7 don't work for attachemnts. What does?
09-25-2006 04:45 AM
Hi,
I think you have misunderstood the syntax for access lists. If you are trying to permit traffic from 192.168.54.229 to 10.1.1.1 then your access list entry would be:
access-list 111 permit ip host 192.168.54.229 host 10.1.1.1
I'm making the assumption that this access list is applied to the right interface, that no NAT is required, etc - if this router is on the end of a generic Internet connection then you will probably need NAT as well.
When you manage to get the config to upload I'll take another look.
Foeh
09-25-2006 04:23 PM
09-26-2006 04:10 AM
Hi,
I don't know if it is possible to remove an attachment, but you should be very careful posting configs with the passwords in them!
Anything that is "level 7" encrypted (in this case, all the passwords except the enable secret) can be decrypted very easily with a wide variety of freely available tools.
Most people remove the enable secret as well when they post because that can sometimes be brute forced by a determined attacker.
Foeh
09-26-2006 07:08 PM
Foeh,
Not to worry. The encrypted stuff has been "chopped up" with a text editor. Even the IPs have been changed to protect the innocent.
Dennis
09-25-2006 07:50 PM
Foeh,
You're right. I now have it accepting the access-list entry as you suggested. I'm finding that the Cisco documentation is very similar to Unix docs - once you know how it works the docs make sense. ;)
I still have the smtp problem though.
Thanks for your help.
Dennis
09-26-2006 03:09 AM
Hi,
If you're expecting to accept incoming SMTP from the Internet, you will need to configure up a static NAT along the lines of:
ip nat inside source static tcp 10.1.1.1 25 interface Dialer1 25
That will allow anyone from the Internet to connect to your outside address on port 25, but really be connecting to your mail server.
Your SMTP entry in the ACL will need to be altered to reflect the outside address.
Foeh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide