
Need to understand what this command does

jonl711
Level 1

I need to understand what this command does. It was on a router that I've just taken over and I'm familiar with this part of the command.

ip nat inside source static tcp 192.168.5.201 25 203.161.81.22 25 route-map mail_192.168.7 extendable

The reason I'm asking is that the client has a scanner that sends scanned documents via SMTP to an offsite mail server, which in turn sends the mail to the user. Prior to this they were using an in-house mail server (.201). What is happening is that mail from users can go out and reach its destination. However, scanned mail does not, and I'm trying to figure out why. The scanner has an internal IP of 192.168.5.25; 192.168.5.201 was a mail server that was running, and this command seems to me to be allowing mail from the mail server (.201) to be sent to another location via a VPN tunnel to our other office. What I'm trying to figure out is whether the command is stating that mail from .201 can go to the 192.168.7 network via the 203.161.81.22 port 25 route. If this is true, will that stop mail from any other device from going out via 203.161.81.22 on port 25?

1 Accepted Solution


Good morning jonl711

As you know, to make NAT ports on a Cisco router, add a line for each of them, such as:

ip nat inside source static tcp 192.168.5.201 25 X.X.X.X 25 route-map extendable

Here we are "NATing" port 25 to the machine 192.168.5.201 in our network, where X.X.X.X is our public IP.

Having said that, here I explain what each command does:

access-list 112 deny   ip host 192.168.5.201 192.168.1.0 0.0.0.255

access-list 112 deny   ip host 192.168.5.201 192.168.7.0 0.0.0.255

access-list 112 permit ip any any

--> Here you are creating an access list that denies the IP 192.168.5.201 from going to 192.168.1.0 and 192.168.7.0.

route-map mail_192.168.7 permit 10

match ip address 112

--> Here you are creating a "rule" in order to match the access list that you created.

ip nat inside source static tcp 192.168.5.201 25 203.161.81.22 25 route-map mail_192.168.7 extendable

--> And here you are mapping the IP 192.168.5.201 with port 25 (SMTP), which goes outside with the IP 203.161.81.22 and port 25 (SMTP), subject to a match with the route-map.

Best regards and have a nice day

Johnnatan Rodriguez Miranda

If this answer was satisfactory for you, please mark the question as Answered.

Thank you

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
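How the static entry, route-map mail_192.168.7 and access-list 112 combine for a packet leaving the inside network, as an added example that is not part of the original posts: a static NAT entry with a route-map is applied only to traffic the route-map's ACL permits, so the two deny lines leave traffic to 192.168.1.0/24 and 192.168.7.0/24 untranslated. The function names and the destination 198.51.100.10 are constructed for illustration, and only this one entry is modelled, not any other NAT rules on the router.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

# access-list 112 as posted in the thread:
# (action, source, source wildcard, destination, destination wildcard)
ACL_112 = [
    ("deny",   "192.168.5.201", "0.0.0.0", "192.168.1.0", "0.0.0.255"),
    ("deny",   "192.168.5.201", "0.0.0.0", "192.168.7.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

# ip nat inside source static tcp 192.168.5.201 25 203.161.81.22 25 ...
STATIC = {"local": ("192.168.5.201", 25), "global": ("203.161.81.22", 25)}

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; compare only the other bits.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return ip(addr) & care == ip(base) & care

def acl_action(acl, src, dst):
    # First matching line wins; no match falls through to the implicit deny.
    for action, s, sw, d, dw in acl:
        if wild_match(src, s, sw) and wild_match(dst, d, dw):
            return action
    return "deny"

def outbound_source(src, sport, dst):
    """Source (ip, port) of an inside-to-outside packet after this one
    static entry has been considered (hypothetical helper)."""
    if (src, sport) != STATIC["local"]:
        return (src, sport)      # entry is for 192.168.5.201 port 25 only
    if acl_action(ACL_112, src, dst) != "permit":
        return (src, sport)      # route-map did not match: not translated
    return STATIC["global"]

if __name__ == "__main__":
    # Constructed sample packets: (source, source port, destination)
    for pkt in [("192.168.5.201", 25, "198.51.100.10"),
                ("192.168.5.201", 25, "192.168.7.10"),
                ("192.168.5.25", 49152, "198.51.100.10")]:
        print(pkt, "->", outbound_source(*pkt))
```

The last sample packet is the scanner's address from the question: this static entry neither translates nor filters it, so whatever happens to the scanner's SMTP traffic is decided by other configuration that is not shown in the thread.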


3 Replies

jonl711
Level 1

Sorry forgot to add the other bits:

route-map mail_192.168.7 permit 10

match ip address 112

access-list 112 deny   ip host 192.168.5.201 192.168.1.0 0.0.0.255

access-list 112 deny   ip host 192.168.5.201 192.168.7.0 0.0.0.255

access-list 112 permit ip any any

Beautifully explained and I understand it as I thought it may have been what you've stated.  Thanks for clearing that up...