Solved: What are default opening ports on cisco ios-xe

iniestha.aung · ‎01-30-2020

Hi Team,

I am troubleshooting on one of my customer network.

Issue is that not able to sent email out from samsung flip tv when they are on their network. But they are able to when they are on on other network..

Error is " unable to connect to the server " .

============================================

Gmail server setting on samsung flip tv as following :

SMTP Server Name : smtp.gmail.com

SMTP Port Number : 465

SSL/TLS : don't use

Default Account : abc@gmail.com

Password : xxxxxxxx

Recipient Address : Auto Save

Sender Authentication : Default Account.

=======================================

I would like to know what is default opening port for smtp . What ports do i need to enable/port-map ?

I will attached here my router's config as well.

========================================

C900#sho run
Building configuration...

Current configuration : 6346 bytes
!
! Last configuration change at 16:59:26 SGT Fri Jan 17 2020 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C3900
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone SGT 8 0
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 10.10.0.1 10.10.0.99
ip dhcp excluded-address 10.10.1.187
!
ip dhcp pool mgmt
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.8.4.4

lease 0 3
!
ip dhcp pool Customer-LAN
import all
network 10.10.0.0 255.255.252.0
default-router 10.10.0.1
dns-server 8.8.4.4
lease 0 3
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!

license udi pid C3900-SPE100/K9 sn
!
!
username admin privilege 15 secret 5 $1$0Lo5$gQ4ERThXEtedaeAYh2jIH0
!
redundancy
!
!
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN
ip address x.x..x.x 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description Management-LAN
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
description Customer-LAN
encapsulation dot1Q 2
ip address 10.10.0.1 255.255.252.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.1.187 465 interface GigabitEthernet0/0 465
ip route 0.0.0.0 0.0.0.0 129.126.72.33
!
logging host x.x.x.x
!

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.10.0.0 0.0.3.255

access-list 110 remark Allow_Access
access-list 110 permit ip any host 118.189.163.162
access-list 110 permit tcp 210.x.0.0 0.0.0.255 any eq 22
access-list 110 permit tcp 203.x.x.0 0.0.0.255 any eq 22
access-list 110 permit tcp 203.x.x.0 0.0.0.255 any eq 22
access-list 110 permit tcp 203.x.x.0 0.0.0.255 any eq 22
access-list 110 permit tcp 203.x.x.x 0.0.0.15 any eq 22

access-list 110 deny tcp any any eq 22
access-list 110 permit icmp 210.x.0.0 0.0.0.255 any
access-list 110 permit icmp 203.x.x.0 0.0.0.255 any
access-list 110 permit icmp 203.x.x.0 0.0.0.255 any
access-list 110 permit icmp 203.x.x.0 0.0.0.255 any
access-list 110 permit icmp 203.x.x.x 0.0.0.15 any
access-list 110 permit icmp any any echo-reply
access-list 110 deny icmp any any
access-list 110 deny tcp any any eq ftp
access-list 110 permit ip any any
!
control-plane
!
!
no vstack
banner login ^CCCCCCC
+=====================================================================+
+ + !!!! WARNING !!!! + +
+=====================================================================+
This system is for the use of authorized personnel only. Individuals
using this network without authority, or in excess of their authority,
are subject to legal action.
+=====================================================================+
^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 110 in
privilege level 15
logging synchronous
login local
transport preferred ssh
transport input ssh
line vty 5 15
access-class 110 in
privilege level 15
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
ntp server 203.211.159.1
!
end

Thank you.

Iniestha

marce1000 · ‎01-30-2020

- The problem is probably not related to the 'local switch' nor it's configuration and or open ports. The host should be able to brake out to the intended gmail smtp service. This must be verified by checking the Internet access rules and capabilities for the intended host and or firewalling policies (e.g.).

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎01-30-2020

- The problem is probably not related to the 'local switch' nor it's configuration and or open ports. The host should be able to brake out to the intended gmail smtp service. This must be verified by checking the Internet access rules and capabilities for the intended host and or firewalling policies (e.g.).

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '