Cisco Community
English
Register
ANNOUNCEMENT - Security Restructure has finished!. Email and Web Notifications are ON now - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
984
Views
10
Helpful
6
Replies
Highlighted
de fl
de fl Beginner
Beginner
‎01-15-2015 01:03 PM
‎01-15-2015 01:03 PM

NAT port 25 to 587 for an SMTP application

We have 2 network devices that use open relay (port 25, no authentication) to send status emails.  Our internal mail server requires authentication to send email over port 25.  How can we get these 2 devices to send email.  Can I forward the port 25 requests from the devices to port 587 on the mail server?  

Labels:
Everyone's tags (1)
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Jon Marshall
Hall of Fame Guru Jon Marshall Hall of Fame Guru
Hall of Fame Guru
‎01-15-2015 01:42 PM
‎01-15-2015 01:42 PM

Unfortunately that switch

Unfortunately that switch doesn't support NAT.

So unless you can insert a device that can between the clients and server you are not going to be able to do it, at least from a network perspective.

Jon

View solution in original post

0 Helpful
Reply
6 REPLIES 6
Highlighted
Jon Marshall
Hall of Fame Guru Jon Marshall Hall of Fame Guru
Hall of Fame Guru
‎01-15-2015 01:19 PM
‎01-15-2015 01:19 PM

If you are asking can you

If you are asking can you translate the port then if you have the right equipment then yes.

If you are asking whether sending it to port 587 will mean the e-mail is accepted then no idea :-)

Assuming the first is there a router between the mail server you want to send the e-mails to and those sending the e-mails.

Need to understand the network layout.

Jon

Reply
Highlighted
de fl
de fl Beginner
Beginner
‎01-15-2015 01:28 PM
‎01-15-2015 01:28 PM

Thanks Jon!  We are trying to

Thanks Jon!  We are trying to translate the port.  Both devices are internal.  The devices are on separate subnets with a Layer 3 switch in between, which is doing the routing.  

 

0 Helpful
Reply
Highlighted
Jon Marshall
Hall of Fame Guru Jon Marshall Hall of Fame Guru
Hall of Fame Guru
‎01-15-2015 01:31 PM
‎01-15-2015 01:31 PM

What is the L3 switch ie.

What is the L3 switch ie. what model.

The majority of L3 switches do not support NAT so you may be out of luck unless you can insert a firewall/router in between.

Jon

Reply
Highlighted
de fl
de fl Beginner
Beginner
‎01-15-2015 01:39 PM
‎01-15-2015 01:39 PM

Its a WS-C4900M running

Its a WS-C4900M running cat4500e-ipbase-mz.122-46

0 Helpful
Reply
Highlighted
Jon Marshall
Hall of Fame Guru Jon Marshall Hall of Fame Guru
Hall of Fame Guru
‎01-15-2015 01:42 PM
‎01-15-2015 01:42 PM

Unfortunately that switch

Unfortunately that switch doesn't support NAT.

So unless you can insert a device that can between the clients and server you are not going to be able to do it, at least from a network perspective.

Jon

View solution in original post

0 Helpful
Reply
Highlighted
Karsten Iwen
VIP Mentor Karsten Iwen VIP Mentor
VIP Mentor
‎01-15-2015 02:10 PM
‎01-15-2015 02:10 PM

Your plan is the using the

Your plan is using the wrong tool for this tasks. For SMTP (TCP/25) authentication is optional and the mail-server could be configured to accept mails based on the source address of the two network-devices. But for submission (TCP/587) there MUST be an authentication (thats mandated by the RFC 4409). So you will also end up with the need to authenticate.

Have you also checked if you can upgrade the devices? Perhaps a newer software is capable of smtp-auth.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor
or share a meal with a hungry child.
0 Helpful
Reply
Latest Contents
Customer Connection Briefing - Cisco DNA: How to Best Drive ...
Created by Kelsy Tibshraeny on 02-24-2020 10:18 AM
0
0
0
0
Membership in the Cisco Customer Connection program is required to attend.  Registration is free and easy to complete.  During registration, choose the Networking track.  Once your membership is approved, you'll be able to register for this... view more
Customer Connection Briefing - Cisco DNA: Segmentation & Pol...
Created by Kelsy Tibshraeny on 02-24-2020 10:14 AM
0
0
0
0
Membership in the Cisco Customer Connection program is required to attend.  Registration is free and easy to complete.  During registration, choose the Networking track.  Once your membership is approved, you'll be able to register for this... view more
Customer Connection Briefing - Cisco DNA: Security Integrati...
Created by Kelsy Tibshraeny on 02-24-2020 10:12 AM
0
0
0
0
Membership in the Cisco Customer Connection program is required to attend.  Registration is free and easy to complete.  During registration, choose the Networking track.  Once your membership is approved, you'll be able to register for this... view more
Smart Software Manager On-Prem Release 7 deployment failur...
Created by renjithg on 02-24-2020 06:54 AM
1
5
1
5
  Introduction This document describes the solution to the problem that occurs when Smart Software Manager On-Prem 7.x  Cerberus ip address conflict with internal ip address subnet. Cerberus IP is currently hardcoded in 3 places.  F... view more
SD-Access Hitless Authentication
Created by ldanny on 02-19-2020 12:55 AM
0
0
0
0
Introduction Currently when changing the Authentication Template under the Onboarding section, there is no choice but to remove SGTs, VNs and IP Pools which clearly disrupt existing services. Hitless Authentication was introduced in Cisco DNA Center 1.3... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad