01-23-2005 04:42 AM - edited 03-05-2019 11:25 AM
Hi, I'm rather new to working with Cisco equipment. Just switched to it from a Netgear a month ago. Got a weird problem with my Cisco 831 Router at the moment.
To send e-mail I need to log into my outgoing SMTP server. But since I installed the 831 it just refuses to work. When you hit send it is immediately bounced back from "System Administrator" saying "Authentication Required". If I use an SMTP server that doesn't require authentication it works fine.
Before, with the Netgear, it worked, and I've tried putting it back in since the 831 was installed, and it still works, placing the blame on the 831.
Has anyone come across anything like this?
Any ideas?
Thanks,
Peter
01-23-2005 08:38 AM
Hello Peter,
can you post the configuration of your 831 ?
Regards,
GP
01-23-2005 11:26 AM
Hi,
Thanks for your reply.
Hopefully this is what you're after.
Building configuration...
Current configuration : 4650 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname admin
!
no logging buffered
enable secret xxxx.
!
username xxx password xxx
username xxx password xxx
username xxx password xxxx
no aaa new-model
ip subnet-zero
ip name-server 62.31.64.39
ip name-server 62.31.112.39
ip dhcp excluded-address 192.168.168.1
ip dhcp excluded-address 192.168.168.168
ip dhcp excluded-address 192.168.168.101
!
ip dhcp pool CLIENT
   import all
   network 192.168.168.0 255.255.255.0
   default-router 192.168.168.1
   lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:192.168.168.1-255.255.255.0
 ip address 192.168.168.1 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 ip address dhcp client-id Ethernet1
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 duplex auto
 no cdp enable
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.168.168 5900 interface Ethernet1 5900
ip nat inside source static tcp 192.168.168.168 80 interface Ethernet1 80
ip nat inside source static tcp 192.168.168.168 21 interface Ethernet1 21
ip classless
ip http server
no ip http secure-server
!
access-list 23 permit 192.168.168.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 192.168.168.0 0.0.0.255 any
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 5900
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
no cdp run
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end
01-23-2005 11:30 AM
01-23-2005 12:50 PM
Hello,
Can you add the keyword 'log' to the 'access-list 111 deny ip any any' statement? With the 'term mon' exec command, you can then see if your access list is blocking any traffic, and if so, which.
Regards,
GP
01-25-2005 01:33 PM
IMO the mentioned CBAC problem can be solved in several ways:
1. remove line
ip inspect name myfw smtp timeout 3600
2. add permit to appropriate ACL
access-list 111 remark Permit SMTP authentica
access-list 111 permit tcp any any eq ident
or ... access-list 111 permit tcp
3. line replacement in CBAC inspection rules
remove line
ip inspect name myfw smtp timeout 3600
add line
ip inspect name myfw Esmtp timeout 3600
details in 'ESMTP Support for Cisco IOS Firewall'
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gt_esmtp.htm
I recommend the more advanced one - the latest solution.
BTW, for Cisco device cfg, Telconi Terminal can be used:
http://www.telconi.com/mdown.html
(No installation required)
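Added example, not part of any post in this thread: a small Python check that reads an IOS running-config and reports the two things discussed above, a CBAC rule that inspects `smtp` rather than `esmtp` (with the interface it is applied on) and an ACL whose final `deny ip any any` has no `log` keyword. The function name `audit` and the `SAMPLE` text are assumptions made for this example; the sample lines are excerpted from the configuration posted earlier.

```python
import re

# Constructed sample: lines excerpted from the running-config posted in this thread.
SAMPLE = """\
ip inspect name myfw ftp timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tcp timeout 3600
!
interface Ethernet1
 ip access-group 111 in
 ip inspect myfw out
!
access-list 111 permit tcp any any eq www
access-list 111 deny ip any any
"""

def audit(config):
    """Return findings for legacy SMTP inspection and unlogged ACL denies."""
    protocols = {}   # inspection rule name -> set of inspected protocols
    applied = {}     # inspection rule name -> ["interface direction", ...]
    acl_lines = {}   # ACL number -> entries in configured order
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip inspect name (\S+) (\S+)", line):
            protocols.setdefault(m.group(1), set()).add(m.group(2).lower())
        elif (m := re.match(r"ip inspect (\S+) (in|out)$", line)) and iface:
            applied.setdefault(m.group(1), []).append(f"{iface} {m.group(2)}")
        elif m := re.match(r"access-list (\d+) (.+)", line):
            acl_lines.setdefault(m.group(1), []).append(m.group(2))
    findings = []
    for rule, protos in sorted(protocols.items()):
        if "smtp" in protos and "esmtp" not in protos:
            where = ", ".join(applied.get(rule, [])) or "not applied"
            findings.append(f"inspect rule {rule}: smtp without esmtp ({where})")
    for acl, entries in sorted(acl_lines.items()):
        last = entries[-1].split()
        if last[:4] == ["deny", "ip", "any", "any"] and "log" not in last:
            findings.append(f"access-list {acl}: final deny has no log keyword")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```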
01-25-2005 11:28 PM
Thanks.
This solved the problem. I can now send e-mails again.
And that's a really nice program as well. Thanks for that too.
Peter
01-26-2005 09:56 AM
Nice to see
Thank you for feedback
tx for rating