Allow email to two emails on diff vlan

ashnil.kumar
Level 1

Hello experts

I have a network with the following structure:

internet ---- cisco2911 ----cisco3750 --- internal lan

I have two email servers on different VLANs:

192.168.0.1    ----- 1.1.1.2 (public ip)

10.1.1.65  ---- 1.1.1.3 (public ip)

Before, these servers were directly connected to the internet with two NICs (nightmare, I know): the public IP on the internet-facing NIC and the private IP on the LAN-facing NIC. I'm in the process of changing this.

I'm able to access the internet from my VLANs and also able to send emails, but I cannot receive emails on these servers.

My router config is as follows:

Building configuration...

Current configuration : 6234 bytes
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname test
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
enable secret 5 $1$J5q4$Drx.ygmtmk73532oWME/N0
!
no aaa new-model
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server 4.4.4.4
ip name-server 4.4.4.5
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
ip tcp synwait-time 10
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
!
!
interface GigabitEthernet0/1
 description Inside LAN
 ip address 10.0.0.2 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/2
 description Link to internet
 ip address 1.1.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.0.0
!
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip nat inside source static 192.168.0.1 1.1.1.2
ip nat inside source static 10.1.1.65 1.1.1.3
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 10.1.1.0 255.255.255.0 10.0.0.1
ip route 192.168.0.0 255.255.255.0 10.0.0.1
!
logging trap debugging
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 1 permit 10.1.1.0 0.0.0.255
!
no cdp run
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
scheduler allocate 20000 1000
end
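As an added example (not from the post or from Cisco), here is a small Python check that parses the interface, static NAT and static route lines of an IOS-style configuration and verifies that each static mapping has a consistent inbound path (the inside-local host is reached through an "ip nat inside" interface) and that the default route resolves to an "ip nat outside" interface for the return path. The config excerpt is taken from the post; the public addresses in the post look like placeholders, so the finding about the default-route next hop 2.2.2.2 not being on a connected subnet is expected here and is the kind of thing this check is meant to surface on a real config.

```python
"""Static-NAT path sanity check over an IOS-style config (constructed example)."""
import ipaddress
import re

# Constructed excerpt of the router config from the post; only the lines that
# matter for interfaces, static NAT and static routing are kept.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 10.0.0.2 255.255.255.248
 ip nat inside
interface GigabitEthernet0/2
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip nat inside source static 192.168.0.1 1.1.1.2
ip nat inside source static 10.1.1.65 1.1.1.3
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 10.1.1.0 255.255.255.0 10.0.0.1
ip route 192.168.0.0 255.255.255.0 10.0.0.1
"""


def parse_config(text):
    """Extract interfaces (subnet + NAT role), static NAT pairs and static routes."""
    interfaces, statics, routes, current = {}, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):      # an unindented line ends any interface block
            current = None
        if m := re.match(r"interface (\S+)$", line):
            current = m[1]
            interfaces[current] = {"network": None, "nat": None}
        elif current and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            interfaces[current]["network"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif current and (m := re.match(r"ip nat (inside|outside)$", line)):
            interfaces[current]["nat"] = m[1]
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)$", line):
            statics.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)$", line):
            routes.append((ipaddress.ip_interface(f"{m[1]}/{m[2]}").network,
                           ipaddress.ip_address(m[3])))
    return interfaces, statics, routes


def best_route(dest, interfaces, routes):
    """Longest-prefix match over connected subnets and static routes.
    Returns ("connected", ifname) or ("static", next_hop), or None if unrouted."""
    best = None
    for name, info in interfaces.items():
        net = info["network"]
        if net and dest in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "connected", name)
    for net, nh in routes:
        if dest in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, "static", nh)
    return None if best is None else best[1:]


def exit_interface(dest, interfaces, routes, depth=0):
    """Resolve a destination to the interface it leaves on. A static next hop must
    itself sit on a connected subnet; one level of recursion covers that, and the
    depth guard stops a default route from resolving through itself forever."""
    hop = best_route(dest, interfaces, routes)
    if hop is None:
        return None
    kind, via = hop
    if kind == "connected":
        return via
    if depth > 0:
        return None
    return exit_interface(via, interfaces, routes, depth + 1)


def check_static_nat(text):
    """Return a list of OK/WARN findings for the inbound and return paths."""
    interfaces, statics, routes = parse_config(text)
    inside = {n for n, i in interfaces.items() if i["nat"] == "inside"}
    outside = {n for n, i in interfaces.items() if i["nat"] == "outside"}
    findings = []
    for local, glob in statics:
        # Inbound: after translation the packet must leave on an 'ip nat inside' interface.
        exit_if = exit_interface(local, interfaces, routes)
        if exit_if in inside:
            findings.append(f"OK   {glob} -> {local} reaches {exit_if} (nat inside)")
        else:
            findings.append(f"WARN {glob} -> {local}: exit interface {exit_if} is not 'ip nat inside'")
        # The global address should sit on an outside interface's subnet; otherwise
        # the upstream has to route it to this router explicitly.
        if not any(interfaces[n]["network"] and glob in interfaces[n]["network"] for n in outside):
            findings.append(f"WARN {glob} is not in any 'ip nat outside' subnet; upstream must route it here")
    # Return path: the default route's next hop must resolve to an outside interface.
    for net, nh in routes:
        if net.prefixlen == 0:
            exit_if = exit_interface(nh, interfaces, routes)
            if exit_if in outside:
                findings.append(f"OK   default next hop {nh} via {exit_if} (nat outside)")
            else:
                findings.append(f"WARN default next hop {nh} is not on a connected 'ip nat outside' subnet")
    return findings


if __name__ == "__main__":
    for finding in check_static_nat(SAMPLE_CONFIG):
        print(finding)
```

Run it against a saved `show running-config`; the two static mappings in the post come out OK, and only the default-route next hop is flagged. The check says nothing about ACLs or upstream devices, which is exactly the gap the reply's packet-capture suggestion is meant to fill.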

1 Reply

My suggestions are:

1. It's very possible that the reason you can initiate connections in only one direction is that there is a firewall without an explicit permission for connection initiation from outside.

2. Try to ping 1.1.1.2 or 1.1.1.3 from the Internet.

3. Try to access the web server on 1.1.1.2 or 1.1.1.3.

4. Set up a monitor session or install packet sniffer software on the mail server and check whether you can capture any TCP SYN from the Internet.
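Step 4 above, worked as an added example that is not the reply author's code: a Python script that triages a tcpdump-style capture taken on the mail server and tells apart the two failure modes that matter for this thread, "no inbound SYN ever reaches the server" (the problem is upstream: NAT, routing or a firewall) versus "SYNs arrive but the server never answers with SYN-ACK" (host firewall or service). The capture lines are constructed; 10.1.1.65 is the server's private address from the question, and the remote addresses are taken from documentation ranges.

```python
"""Triage inbound SMTP from a tcpdump-style capture taken on the mail server."""
import re

# Matches the head of a 'tcpdump -n' TCP line: timestamp, src.port > dst.port, flags.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed captures (not real traffic), as 'tcpdump -n tcp port 25' might print
# on the server 10.1.1.65. The first shows only the server's own outbound mail.
CAPTURE_NOTHING_INBOUND = """\
12:00:01.000001 IP 10.1.1.65.41822 > 203.0.113.10.25: Flags [S], seq 1, win 64240, length 0
12:00:01.000452 IP 203.0.113.10.25 > 10.1.1.65.41822: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000460 IP 10.1.1.65.41822 > 203.0.113.10.25: Flags [.], ack 3, win 64240, length 0
"""

# Same, plus a remote MTA retransmitting its SYN three times without any answer.
CAPTURE_SYN_UNANSWERED = CAPTURE_NOTHING_INBOUND + """\
12:00:02.100000 IP 198.51.100.7.55001 > 10.1.1.65.25: Flags [S], seq 3, win 29200, length 0
12:00:03.100000 IP 198.51.100.7.55001 > 10.1.1.65.25: Flags [S], seq 3, win 29200, length 0
12:00:05.100000 IP 198.51.100.7.55001 > 10.1.1.65.25: Flags [S], seq 3, win 29200, length 0
"""

# Same, plus the server finally completing the handshake.
CAPTURE_HEALTHY = CAPTURE_SYN_UNANSWERED + """\
12:00:05.100300 IP 10.1.1.65.25 > 198.51.100.7.55001: Flags [S.], seq 9, ack 4, win 65535, length 0
"""


def parse_capture(text):
    """Return one dict per parseable TCP line; non-matching lines are ignored."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def triage_inbound(text, server_ip, port=25):
    """Classify what the capture shows about inbound connections to server_ip:port."""
    syn_from = set()     # remote (ip, port) pairs that sent a pure SYN to the server
    synack_to = set()    # remote (ip, port) pairs the server answered with SYN-ACK
    for p in parse_capture(text):
        if p["dst"] == server_ip and p["dport"] == str(port) and p["flags"] == "S":
            syn_from.add((p["src"], p["sport"]))
        if p["src"] == server_ip and p["sport"] == str(port) and p["flags"] == "S.":
            synack_to.add((p["dst"], p["dport"]))
    unanswered = syn_from - synack_to
    if not syn_from:
        verdict = "no inbound SYN reached the server: look upstream (NAT, routing, firewall)"
    elif unanswered:
        verdict = "inbound SYNs arrive but the server does not answer: check host firewall and listening service"
    else:
        verdict = "inbound handshakes complete: the TCP path is fine, look at the SMTP service itself"
    return {
        "inbound_syn_clients": len(syn_from),
        "unanswered": len(unanswered),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, cap in [("nothing inbound", CAPTURE_NOTHING_INBOUND),
                      ("syn unanswered", CAPTURE_SYN_UNANSWERED),
                      ("healthy", CAPTURE_HEALTHY)]:
        print(name, "->", triage_inbound(cap, "10.1.1.65"))
```

Feed it the output of `tcpdump -n tcp port 25` captured on the server (or on the SPAN destination of a monitor session). The capture must be taken on the server's private address: after static NAT the router has already rewritten the public destination, so a filter on 1.1.1.3 would show nothing even when traffic is arriving.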
