Help me pls,
Clients cant connect any more to pop.gmail.com/995, at the same time from another vlan the same network, connection can be established without any problem(from Windows server). Clients can connect to other mail servers on port 995 or 587 without any problem except gmail. What can be the problem?
description Link to ISP
ip address 89.x.x.x 255.255.255.252
ip access-group FW in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no cdp enable
no ip address
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip nat inside
encapsulation dot1Q 7
ip address 192.168.7.1 255.255.255.0
ip nat inside
encapsulation dot1Q 10 native
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip nat inside source list 50 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.7.3 25 89.X.X.X 25 extendable
ip nat inside source static tcp 192.168.7.3 443 89.X.X.X 443 extendable
ip nat inside source static tcp 192.168.7.3 587 89.X.X.X 587 extendable
ip nat inside source static tcp 192.168.7.3 995 89.X.X.X 995 extendable
ip nat inside source static tcp 192.168.7.3 3389 89.X.X.X 7777 extendable
ip route 0.0.0.0 0.0.0.0 89.X.X.X
ip access-list extended FW
permit tcp any host 89.X.X.X eq 22
permit tcp any host 89.X.X.X established
permit udp any host 89.X.X.X eq ntp
permit tcp any host 89.X.X.X eq 587
permit udp any any gt 1024
permit tcp any host 89.X.X.X eq 7777
permit udp any host 89.X.X.X eq domain
permit tcp any host 89.X.X.X eq 995
permit tcp any host 89.X.X.X eq smtp
permit tcp any host 89.X.X.X eq 443
deny ip any any log
access-list 50 permit 192.168.10.0 0.0.0.255
access-list 50 permit 192.168.3.0 0.0.0.255
access-list 50 permit 192.168.7.0 0.0.0.255
can you test from a client if: telnet pop.gmail.com 995 works from a dos box?
I m asking this because yesterday i spend 2 hours looking for a network issue with pop.gmail.com, and in the end it turned out to be Google blocking this user account.
telnet pop.gmail.com 995 was working when i troubeshooted and futher checks did not seem point to a problem in our network.
I tested it.
No, It dont work. Only from the server i can connect to pop.gmail.com 995. From client it return an error(cant connect).
From the router everything is ok.
#telnet 126.96.36.199 995 /source-interface fastEthernet 0/1.3
Trying 188.8.131.52, 995 ... Open
my guess the clients are in subnet 192.168.7 and in what subnet is the windows server? 192.168.3 ?
And can you check
- show ip nat statistics
- show ip nat translations
The problem was in ESW-520 image 2.1.16. I configured unused port on the switch the same way and now everything is ok even gmail. And strange thing after I perform cold restart of the switch the problem is persistant on the previous port, but new configured port is ok. There is another image 2.1.19 and maybe new image will be ok. I'll try to upgrade the switch. Does any one knows what happens with switch's configuration after upgrade?
glad you found the issue. I was thinking maybe the nat translation table got messed up.
The config should be no problem after upgrade but you should check the rel. notes to see if any command is changed (or superseded) If so, i can impact the config.
Usually the configuration gets tranfer onto your new IOS ver.. recently I have upgraded a router end that was the case... you might get ask if you want to save the config. from the oldr ver.; however you might want to back-up your config. file..
Is your problem resolved now?
If not, go to Quality of service > advanced mode > policy binding and delete the access ports of the switch.
Restart outlook and then try, it should work.