Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CISCO 1600 Access list and nat problems

Status
Not open for further replies.
suanny

suanny

MIS
Jan 28, 2003
10
CA
hI,
I am trying to config a cisco 1600 and I am having some problems.

If I dont apply any access-list I can telnet ports 110,44337 and other ports, but port 25 I am not able to telnet it.
The reason fot telneting is to check if the ports are active for my email server.

I have some nat and I try to put some arguments and it does not do anything.

Can some one take a look at my configuration please?

version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

hostname xxxxxx

no logging console
enable secret ******
enable password ****

ip subnet-zero
ip name-server 199.244.211.110
ip name-server 208.244.171.12

vpdn enable
no vpdn logging

vpdn-group pppoe
request-dialin
protocol pppoe

interface Ethernet0
ip address 10.9.9.1 255.0.0.0

ip access-group 103 out
ip nat inside
no shutdown

interface Ethernet1
no ip address
no shutdown
no ip proxy-arp
no ip mroute-cache
pppoe enable
pppoe-client dial-pool-number 1

interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip access-group 1 out
no shutdown
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname *******
ppp chap password *******
ppp pap sent-username ****** password *****

ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.9.9.9 8080 interface Dialer1 8080
ip nat inside source static tcp 10.9.9.9 80 interface Dialer1 80
ip nat inside source static tcp 10.9.9.9 110 interface Dialer1 110
ip nat inside source static tcp 10.9.9.9 25 interface Dialer1 25
ip nat inside source static tcp 10.9.9.9 69 interface Dialer1 69
ip nat inside source static tcp 10.9.9.9 53 interface Dialer1 53
ip nat inside source static tcp 10.9.9.9 20 interface Dialer1 20
ip nat inside source static tcp 10.9.9.9 21 interface Dialer1 21
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server

access-list 1 permit 10.0.0.0 0.255.255.255


access-list 103 deny icmp any any log
access-list 103 deny ip 127.0.0.0 0.255.255.255 any log
access-list 103 deny ip 255.0.0.0 0.255.255.255 any log
access-list 103 deny ip 224.0.0.0 7.255.255.255 any log
access-list 103 deny ip 10.0.0.0 0.255.255.255 any log
access-list 103 deny ip host 0.0.0.0 any log
access-list 103 permit tcp any host 10.9.9.9 eq domain log
access-list 103 permit udp any host 10.9.9.9 eq domain
access-list 103 permit tcp any host 10.9.9.9 eq www
access-list 103 permit tcp any host 10.9.9.9 eq pop3
access-list 103 permit tcp any host 10.9.9.9 eq smtp
access-list 103 permit tcp any host 10.9.9.9 eq 69
access-list 103 permit tcp any host 10.9.9.9 eq 443
access-list 103 permit tcp any host 10.9.9.9 eq ftp-data
access-list 103 permit tcp any host 10.9.9.9 eq ftp
access-list 103 permit tcp any host 10.9.9.9 eq 995
access-list 103 permit tcp any host 10.9.9.9 eq 42
access-list 103 permit tcp any host 10.9.9.9 eq 44337
access-list 103 permit tcp any any eq smtp


end

thank you.
Suanny
 
Sort by date Sort by votes
Suanny,

Where are you telneting from? Which is the ip address of your PC?

 
Upvote 0 Downvote
hi fmonterio,
I am trying to telnet form the outside.
I dial up my ISP and then I try to get in my server and my router does not let me in.
when I take out all the ACLs I can only telnet port 110 and others but not 25.

Juan

 
Upvote 0 Downvote
Hi Juan,

Is this service (smtp) active in the server?

Is this an ADSL or a Cable connection?

Please post the output for the sh ip nat trans command.

I will take a look at this problem tomorrow morning.

Regards,


 
Upvote 0 Downvote
hi fmonterio,
I am trying to telnet form the outside.
I dial up my ISP and then I try to get in my server and my router does not let me in.
when I take out all the ACLs I can only telnet port 110 and others but not 25.

Suanny

 
Upvote 0 Downvote
Suanny,
Your static NAT translation points to a 10.9.9.9 ip address and so does your access-list while the sh ip nat translation points to the 10.9.1.11 ip address. Did you change your configuration? Could you explain this disagreement?
 
Upvote 0 Downvote
I change it before I put it on the net.
real 10.9.1.11 instead of 10.9.9.9.

Thanks
Suanny
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
221
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
201
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
203
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
206
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
263
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top