Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1158
Views
0
Helpful
11
Replies

Config router and NAT for exchange

khhhhhhhh957
Level 1
Level 1

‎01-05-2017 11:29 PM - edited ‎03-08-2019 08:49 AM

Hi,

Here is my problem :

I can send emails with exchange but I do not receive any mail and I do not have access to owa from the outside ..

Do you have any idea of ​​the problem?

Labels:
Preview file
7 KB
0 Helpful
11 Replies 11

Pranay Prasoon
Level 3
Level 3

‎01-05-2017 11:53 PM

is this the static NAT? Are you getting emails from outside on port 587?

ip nat inside source static tcp 192.168.0.205 25 217.11.45.106 587
0 Helpful

khhhhhhhh957
Level 1
Level 1
In response to Pranay Prasoon

‎01-06-2017 12:06 AM

Yes,

Here is the old configuration of my non-cisco router on which I based

Preview file
1683 KB
0 Helpful

Pranay Prasoon
Level 3
Level 3
In response to khhhhhhhh957

‎01-06-2017 12:20 AM

Hi,

I would first suggest to take capture or test acl on outside interface in ingress direction on port 587 with log keyword and see if the traffic is coming. The NAT will only work if smtp traffic coming from outside is in dst port 587.

Tx

0 Helpful

paul driver
VIP
VIP
In response to Pranay Prasoon

‎01-06-2017 01:09 AM

Hello

To add to Pranay comments

ip nat inside source static tcp 192.168.0.205 25 217.11.45.106 587 extendable
ip access-list extended DATA
 permit icmp 192.168.0.0 0.0.0.255 any
 permit tcp 192.168.0.0 0.0.0.255 any eq www 443 587 smtp 9233 389 443 587 1434 <---- Should be above

ip access-list extended LAN
 permit icmp any any
 permit tcp 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255 eq www 443 587 smtp 9233 389 443 587 1434 <---- Should be above

route-map PBR permit 10
 match ip address DATA
 set ip next-hop 217.11.45.105 <---- what is this?

You have PBR going to 217.11.45.105 but your inside gloabl nat is 217.11.45.106, and these access-lists are the wrong way around, the more specific ACEs needs to be higher up in the stanza

First of all try amending your acl
ip access-list extended DATA
no 10
30 permit icmp 192.168.0.0 0.0.0.255 any
exit
ip access-list extended LAN
no 10
30 permit icmp any any
exit
ip access-list resequence DATA 10 10
ip access-list resequence LAN 10 10

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

khhhhhhhh957
Level 1
Level 1
In response to paul driver

‎01-06-2017 01:35 AM

Hi,

Thank you very much for your help.

This is my schéma and my configuration file. 

Do you think the configuration is ok with respect to the schema. ?

Everything seems to work except port forwarding

Preview file
76 KB
0 Helpful

khhhhhhhh957
Level 1
Level 1
In response to khhhhhhhh957

‎01-06-2017 01:36 AM

And this is my config file

Preview file
8 KB
0 Helpful

paul driver
VIP
VIP
In response to khhhhhhhh957

‎01-06-2017 05:55 AM

Hello

You have a next-hop address of 217.11.45.106 however in you PBR stanza next hop is stating 217.11.45.105

route-map PBR permit 10
 match ip address DATA
 set ip next-hop 217.11.45.105 <---- what is this?

res
paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

khhhhhhhh957
Level 1
Level 1
In response to paul driver

‎01-06-2017 06:03 AM

The 105 is the ip address of the modem and the 106 is that of the router

0 Helpful

paul driver
VIP
VIP
In response to khhhhhhhh957

‎01-06-2017 08:27 AM

Hello 

so your next hop is .106 -

can you please try changing the route-map next hop statement to .106

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

khhhhhhhh957
Level 1
Level 1
In response to paul driver

‎01-06-2017 09:32 AM

Hello

Thank you for your response. 

I also have to change that of the default route? ip route 0.0.0.0 0.0.0.0 217.11.40.105 to ip route 0.0.0.0 0.0.0.0 217.11.40.106 ?

0 Helpful

paul driver
VIP
VIP
In response to khhhhhhhh957

‎01-06-2017 09:53 AM

Hello

please revert those changes - I have just noticed your attched file of router3

it shows two outside  interfaces with one dhcp enabled and two default static with no preference  between them

once you have reverted those changes can you do your this:

No ip route 0.0.0.0 0.0.0.0 192.1681.1

ip route 0,0,0,0 0.0.0.0 dhcp

then can you confirm which default if any should be the preferred path 

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card