cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1310
Views
3
Helpful
2
Replies

NAT to mail server not working.

gkonheiser
Level 1
Level 1

Hi There

I am trying to set up one of my cisco routers to NAT  to my mail server but my client con not connect and I cant see what i'm missing.

Any help appreciated.

Here is my config:-

service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router101.4
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username gkonheiser password 7 xxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
!
!
ip name-server 62.2.17.60
ip name-server 62.2.24.162
!
!
controller E1 1/0
!
!
!
interface FastEthernet0/0
description WAN
ip address 62.xxx.xxx.xxx 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.xxx.223 255.255.255.0
ip nat inside
speed 100
full-duplex
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.xxx.xxx 62.xxx.xxx.xxx
ip nat inside source static tcp 192.168.xxx.21 25 62.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.xxx.21 443 62.xxx.xxx.xxx 443 extendable
ip nat inside source static tcp 192.168.xxx.21 80 62.xxx.xxx.xxx 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 62.xxx.xxx.xxx
no ip http server
ip pim bidir-enable
!
!
access-list 1 remark Internet access list
access-list 1 permit 192.168.xxx.0 0.0.0.255
access-list 1 remark Internet access list
access-list 1 remark Internet access list
!
line con 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxx
login local
line vty 5 15
password 7 xxxxxxxxxxxxxxxxxxxxx
login local
!
!
end

2 Replies 2

andrew.prince
Level 10
Level 10

Re-write the nat overload access-list to deny the internal mail server IP address, ie


access-list 1 remark Internet access list

access-list 1 deny 192.168.xxx.21
access-list 1 permit 192.168.xxx.0 0.0.0.255

The above wille exempt the mail server from the dynamic nat, and allow the static to override.

Normally static overides dynamic - but it's worth a try!!

Hi Andrew

Thanks for your help.I solved the problem yesterday. It was due to a STUPID over sight on my behalf.

Gordon

Review Cisco Networking for a $25 gift card