03-14-2008 02:06 PM - edited 03-03-2019 09:08 PM
I have exchange server internal address 192.168.150.253 addressed to external address 67.107.17.133. I am receiving emails but when sending, it looks like it is using .130 address (pool). How can I force it to go out .133? I have tried
ip nat inside source static tcp 192.168.150.253 25 67.107.17.133 25
03-14-2008 04:23 PM
Hi
Could you post your config as it's a bit difficult to say based on what you have put. What do you see when you do a "sh ip nat translations" on the router?
Jon
03-14-2008 04:30 PM
03-14-2008 04:36 PM
Okay, don't thank me just yet as we haven't fixed it.
Excerpt from your posted output
tcp 67.107.17.133:25 192.168.150.253:25 72.74.6.241:50251 72.74.6.241:50251
tcp 67.107.17.133:25 192.168.150.253:25 72.252.51.95:50505 72.252.51.95:50505
tcp 67.107.17.133:25 192.168.150.253:25 74.127.3.109:58827 74.127.3.109:58827
tcp 67.107.17.133:25 192.168.150.253:25 78.174.3.75:1449 78.174.3.75:1449
tcp 67.107.17.133:25 192.168.150.253:25 85.16.92.147:1829 85.16.92.147:1829
tcp 67.107.17.133:25 192.168.150.253:25 85.96.78.246:3540 85.96.78.246:3540
tcp 67.107.17.133:25 192.168.150.253:25 85.96.78.246:3543 85.96.78.246:3543
As you can see your mail server IP address is getting translated to .133. I can't find any translations in your output that show 192.168.150.253 getting translated to the .130 address.
Can you post config?
Also how have you verified that the mail server is going out as .130?
Jon
03-14-2008 04:44 PM
When I send an email and show full headers it is saying that it comes from .130. My DNS is set up for reverse and PTR record .133. When AOL receives email from .130 and then does a lookup to .133 it denies the email. .130 address is the NAT pool overload. Again thanks.
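Added example, not part of any post in this thread: one way to confirm from a saved "sh ip nat translations" capture which public address the mail server uses for outbound SMTP, rather than relying on message headers. The first tcp row is taken from the excerpt above; the remaining rows, the 203.0.113.x peers and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed capture in the layout of "sh ip nat translations". The first
# tcp row is from the excerpt posted in the thread; the other rows and the
# 203.0.113.x peers are constructed for illustration.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 67.107.17.133:25 192.168.150.253:25 72.74.6.241:50251 72.74.6.241:50251
tcp 67.107.17.130:1042 192.168.150.253:1042 203.0.113.10:25 203.0.113.10:25
tcp 67.107.17.130:1043 192.168.150.20:1043 203.0.113.80:80 203.0.113.80:80
tcp 67.107.17.133:25 192.168.150.253:25 --- ---
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+):(\d+)"
ROW = re.compile(rf"^(tcp|udp)\s+{ADDR}\s+{ADDR}\s+{ADDR}\s+{ADDR}$")

def parse_translations(text):
    """Return dynamic flow entries; header and static '---' rows are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            g = m.groups()
            flows.append({
                "proto": g[0],
                "inside_global": g[1], "inside_global_port": int(g[2]),
                "inside_local": g[3], "inside_local_port": int(g[4]),
                "outside_global": g[7], "outside_global_port": int(g[8]),
            })
    return flows

def outbound_smtp_sources(flows, server):
    """Count the public addresses `server` uses when it connects out to port 25."""
    return Counter(f["inside_global"] for f in flows
                   if f["inside_local"] == server and f["outside_global_port"] == 25)

def wrong_source_flows(flows, server, expected):
    """Outbound SMTP flows from `server` leaving with an address other than `expected`."""
    return [f for f in flows
            if f["inside_local"] == server and f["outside_global_port"] == 25
            and f["inside_global"] != expected]

if __name__ == "__main__":
    flows = parse_translations(SAMPLE)
    print(outbound_smtp_sources(flows, "192.168.150.253"))
    for f in wrong_source_flows(flows, "192.168.150.253", "67.107.17.133"):
        print("SMTP leaving as", f["inside_global"], "to", f["outside_global"])
```

Inbound rows have the server's own port 25 on the inside; outbound deliveries have port 25 on the outside and an ephemeral inside port, which is why the two directions are separated by the outside port.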
03-14-2008 04:50 PM
03-15-2008 08:54 PM
Hi,
Your server 192.168.150.253 is translated to 67.107.17.130 for traffic other than HTTP and HTTPS.
You need to add this line...
ip nat inside source static tcp 192.168.150.253 smtp 67.107.17.133 smtp extendable
Regards,
Dandy
03-17-2008 09:44 AM
How much different is using smtp vs. 25? I tried the CLI command
ip nat inside source static tcp 192.168.150.253 25 67.107.17.133 25
03-28-2008 03:43 AM
Hello friends,
When I tested my SMTP server behind a Cisco 2811 router I did this:
220 oamex02.oam.ca Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at
Fri, 28 Mar 2008 06:36:17 -0400
HELO oam.ca
501 5.5.4 Invalid Address
helo oam.ca
250 oamex02.oam.ca Hello [172.15.20.87]
mail from: fdarwazeh@oam.ca
250 2.1.0 fdarwazeh@oam.ca....Sender OK
rcpt to: firaselect@yahoo.com
500 5.3.3 Unrecognized command
rcpt to:firaselect@gmail.com
550 5.7.1 Unable to relay for firaselect@gmail.com
And part of the configuration on my router regarding the SMTP:
ip nat inside source route-map SDM_RMAP_1 interface Vlan1 overload
ip nat inside source static tcp 10.1.1.5 25 interface Vlan1 25
Full configuration on the router:
interface Vlan1
description DSL2
ip address 209.x.x.X 255.255.255.248
no ip unreachables
ip nat outside
ip virtual-reassembly
no mop enabled
crypto map yyyyyyyy
interface FastEthernet0/1
description Internal LAN$FW_INSIDE$$ETH-LAN$
ip address xxxxxxx.1 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
What is the right configuration that makes the incoming SMTP test succeed?
03-28-2008 03:53 AM
Regarding full configuration:
aaa new-model
!
!
aaa group server radius VPNClient
server-private x.x.x.2 auth-port 1yy5 acct-port 1yy6 key
30017
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
!
aaa session-id common
!
resource policy
!
no ip source-route
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name headcan.com
ip inspect name ALLOWED tcp
ip inspect name ALLOWED udp
ip ips notify SDEE
vpdn enable
!
interface FastEthernet0/1
description Internal LAN$FW_INSIDE$$ETH-LAN$
ip address 10.1.1.1 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/2/0
!
interface FastEthernet0/2/1
!
interface FastEthernet0/2/2
!
interface FastEthernet0/2/3
!
interface Virtual-Template1
ip unnumbered Vlan1
ip mroute-cache
peer default ip address pool dial-in
ppp encrypt mppe auto
ppp authentication chap pap ms-chap mschap-v2
!
interface Vlan1
description DSL2
ip address 209.z.z.130 255.255.255.248
no ip unreachables
ip nat outside
ip virtual-reassembly
no mop enabled
crypto map zzzzzzz
ip route 0.0.0.0 0.0.0.0 209.x.x.129
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source static tcp z.z.z.5 443 interface Vlan1 443
ip nat inside source static tcp z.z.z.5 143 interface Vlan1 143
ip nat inside source static tcp z.z.z.5 80 interface Vlan1 80
ip nat inside source static tcp z.z.z.5 110 interface Vlan1 110
ip nat inside source static tcp z.z.z.5 25 interface Vlan1 25
ip nat inside source route-map zzzzzz interface Vlan1 overload
ip nat inside source static tcp z.z.z.5 3389 interface Vlan1 3389
03-28-2008 09:50 AM
Greetings to all. Just got off the phone with Cisco. Problem is twofold. There is a NAT issue with pre 12.13 IOS as well as the new 12.14. Also, NAT was getting overloaded because of a possible DoS attack using NetBIOS.
03-29-2008 08:56 AM
Thanks for the info but what is the solution for my problem in this case?