If you have nothing blocking access to your mail server but SMTP still doesn't work why do you think the router is the issue?? Could it be the mail server????
Dave Ray Brehm wrote: > > Steven A. Ridder wrote: > > >Try removing the access lists next. I can't see how POP get's in and smtp > >dosen't, especially with CBAC off now. > > > I removed all access control from the interface and I still get the same > problem. > I'm going to test it on another router then I'm going after cisco with > this one. > Thanks for your help > > > > > > >""MADMAN"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > >>Ray Brehm wrote: > >> > >>>MADMAN wrote: > >>> > >>>>Yes I have run into problems defining http also. The bottom line is I > >>>>now only "inspect" TCP, UDP and FTP. These cover all the others > >>>> > >without > > > >>>>breaking them!!! > >>>> > >>>thanks for the heads up > >>>I just updated IOS to v12.2.6a (I know I'm crazy but I might want > >>>cisco's support) > >>>what version of IOS have these problems? > >>> > >> I know it wasn't in 12.2!! As i said before, I don't think it's doing > >>anything cept eating up NVRAM when you add, for example, inspect http > >>when tcp covers http. > >> > >> Dave > >> > >>>> Dave > >>>> > >>>>"Steven A. Ridder" wrote: > >>>> > >>>>>The CBAC dosen't understand ESMTP commands I think. Don't watch smtp > >>>>> > >on > > > >>>>>CBAC. I ran into that problem before. > >>>>> > >>>>>""Ray Brehm"" wrote in message > >>>>>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >>>>> > >>>>>>I have a 2621 with IOS IP/FW that I'm unable to connect through to > >>>>>> > >the > > > >>>>>>inside SMTP server. I can connect to that same server using POP3 with > >>>>>> > >no > > > >>>>>>errors. The inside device is a static NAT. The port appears open when > >>>>>> > >I > > > >>>>>>port scan the IP address but I get TCP errors when trying to send > >>>>>> > >mail. > > > >>>>>>Any ideas? Did I miss something stupid? > >>>>>>Is the fact that I have multiple "nat inside" interfaces relevant is > >>>>>>this situation? (I've never known it to make a difference) > >>>>>> > >>>>>>Relevant config: > >>>>>> > >>>>>>ip inspect name firewall http > >>>>>>ip inspect name firewall ftp > >>>>>>ip inspect name firewall netshow > >>>>>>ip inspect name firewall realaudio > >>>>>>ip inspect name firewall rtsp > >>>>>>ip inspect name firewall smtp > >>>>>>ip inspect name firewall tcp > >>>>>>ip inspect name firewall udp > >>>>>> > >>>>>>interface FastEthernet0/0 > >>>>>>ip address 10.1.0.1 255.255.255.0 > >>>>>>ip nat inside > >>>>>>speed 10 > >>>>>>full-duplex > >>>>>>ntp broadcast > >>>>>>bridge-group 1 > >>>>>>! > >>>>>>interface Serial0/0 > >>>>>>ip address 10.1.12.1 255.255.255.0 > >>>>>>ip nat inside > >>>>>>bridge-group 1 > >>>>>>! > >>>>>>interface FastEthernet0/1 > >>>>>>ip address 12.42.189.2 255.255.255.240 > >>>>>>ip access-group 103 in > >>>>>>ip nat outside > >>>>>>ip inspect firewall out > >>>>>>duplex auto > >>>>>>speed auto > >>>>>>! > >>>>>>interface Serial0/1 > >>>>>>ip address 10.1.13.1 255.255.255.0 > >>>>>>ip nat inside > >>>>>>bridge-group 1 > >>>>>>! > >>>>>>router eigrp 100 > >>>>>>redistribute static metric 384 255 255 1 1500 > >>>>>>network 10.0.0.0 > >>>>>>auto-summary > >>>>>>no eigrp log-neighbor-changes > >>>>>>! > >>>>>>ip nat inside source list 18 interface FastEthernet0/1 overload > >>>>>>ip nat inside source static 10.1.0.4 12.42.189.4 > >>>>>>ip classless > >>>>>>ip route 0.0.0.0 0.0.0.0 12.42.189.1 > >>>>>>! > >>>>>>logging history debugging > >>>>>>logging 10.1.0.3 > >>>>>>access-list 18 permit 10.1.0.0 0.0.255.255 > >>>>>>access-list 101 permit tcp any any ack > >>>>>>access-list 101 permit udp any any > >>>>>>access-list 101 permit icmp any any > >>>>>>access-list 103 permit tcp any host 12.42.189.4 eq smtp > >>>>>>access-list 103 permit tcp any host 12.42.189.4 eq pop3 > >>>>>>bridge 1 protocol ieee -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29884&t=29794 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
