chuck_v
asked on
Cisco Config not processing internal webmail script
Cisco 1700 series router performing NAT to an internal web server / email server.
for some reason, a webmail script, when being processed, cannot find the email server which is on the same device as the script .. e.g., the web host server consists of .. MS Windows 2003 / IIS / 3rd party email server
ASKER CERTIFIED SOLUTION
ASKER
wow, that was simple...
i will give this a shot tonight and advise how it goes
quick question though, if i do modify the host file with the entry above, would it not affect the packet to always go to 192.168.0.11? when it should be sending out to the external IP address? just worried about those who send an email from say .. hotmail .. to an email address which i maintain, will the server just keep looping trying to find the mail server?
thanks Irmoore
ASKER
didn't get a chance to update the host file.. will do it tonight .. but i don't think it will help the external users (web site) as it would only look for local address .. and when say i do modify the host, the external users (web sites) would not have 192.168.0.11 as my local machine, and not theirs
also, i did telnet into 192.168.0.11 25 and i did get a response from within that machine
ASKER
well, did the local host file thing, and it worked
odd, but ok .. cheers for that
ASKER
ok, as per above, i have a single windows box that handles IIS / DNS / 3rd party email server
now, i am sure you guys will ask if my email server works, and yes, it does. note the following below
1) you can send an email to any hosted domain i have and i WILL receive it.
2) i can send an email to anyone on the internet via my hosted email accounts with no issues
issue,
i have a webmail script (url http://www.aais.com.au/cdosys.asp). this just sends a test email to admin@aais.com.au which resides on mail.aais.com.au (and yes, this email account works (as per above)). HOWEVER, this script cannot find the email server which is on the same box.
so to add more detail, if i use a machine (other than the server) to telnet into the SMTP server (mail.aais.com.au), i will get a response. if i telnet from the SERVER itself and do the same thing, telnet mail.aais.com.au, i get cannot find server.
the questions below have been asked before (from other locations other than EE) and i have answered them.. see below
(3) When you type in http://www.aais.com.au on your internal network you hit your router http page instead of your server.
correct. unless i modify my host file. THIS has now been rectified as my cisco config script has been changed to suit this.
(2) Your DNS server points for xxx.aais.com.au at your external IP
correct .. all dns entries are external IP's
(1) You have your own DNS/WEB/Email server sitting on the internal network at 192.168.0.11
correct, all services residing on the same box .. hence all my forwards to the one box
i am for certain this is NOT a server issue. this is (from opinions) a cisco config routing issue. i have included said config below for your review and comments where available.
--- CISCO 1700 CONFIG SCRIPT ---
interface ATM0/0
 description +++ CONNECTION TO ISP +++
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0/0
 description +++ LAN +++$ETH-LAN$$FW_INSIDE$
 ip address 192.168.0.2 255.255.255.0
 ip broadcast-address 192.168.0.255
 ip access-group 100 in
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
interface Dialer1
 description +++ Virtual Connection to ATM0/0 +++$FW_OUTSIDE$
 ip address negotiated
 ip access-group filter-inbound in
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXXXXX
 ppp chap password XXXXXXXXXXXX
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source route-map FWD2WEBSITE interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.11 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.11 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.11 20 interface Dialer1 20
ip nat inside source static tcp 192.168.0.11 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.11 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.11 3200 interface Dialer1 3200
ip nat inside source static tcp 192.168.0.11 53 interface Dialer1 53
ip nat inside source static tcp 192.168.0.11 110 interface Dialer1 110
ip nat inside source static tcp 192.168.0.11 6080 interface Dialer1 6080
ip nat inside source static tcp 192.168.0.11 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.0.11 53 interface Dialer1 53
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
ip access-list extended filter-inbound
 permit tcp any any eq 3389
 permit tcp any any eq ftp-data
 permit tcp any any eq ftp
 permit tcp any any eq 3200
 permit tcp any any eq pop3
 permit tcp any any eq smtp
 permit tcp any any eq 6080
 permit tcp any any eq 443
 permit tcp any any eq www
 permit udp any any eq domain
 permit tcp any any eq domain
 permit tcp any any established
 permit udp host 192.231.203.2 eq domain any
 permit udp host 192.231.203.3 eq domain any
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 deny udp any any
!
access-list 23 remark ********************
access-list 23 remark *** Local Access ONLY to Config
access-list 23 remark ********************
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 100 remark ********************
access-list 100 remark *** FE0/0 LAN
access-list 100 remark ********************
access-list 100 permit ip any any
access-list 102 remark ********************
access-list 102 remark *** Traffic NAT'ed
access-list 102 remark ********************
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 remark ********************
access-list 103 remark *** FWD2WEBSITE
access-list 103 remark ********************
access-list 103 permit ip 192.168.0.0 0.0.0.255 host 150.101.163.87
dialer-list 1 protocol ip permit
no cdp run
route-map FWD2WEBSITE permit 23
 match ip address 103
 set ip next-hop 192.168.0.11
--- END CONFIG ---
any help / assistance on rectifying this would be great
cheers
chuck
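
Added example, not part of the original post and not chuck_v's code: the config above forwards many ports to the single box at 192.168.0.11, so a useful review step is to cross-check each static NAT entry against the filter-inbound ACL and list which forwards are reachable from any source. The names exposed_forwards, KEYWORDS and SAMPLE are introduced here; SAMPLE is an excerpt of lines copied from the config, and the check assumes no earlier deny shadows a permit (true for the ACL as posted).

```python
import re

# IOS port keywords that appear in the ACL above, mapped to numbers.
KEYWORDS = {"ftp-data": 20, "ftp": 21, "smtp": 25, "domain": 53, "www": 80, "pop3": 110}
NAT_RE = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")
ACL_RE = re.compile(r"permit (tcp|udp) any any eq (\S+)$")

# Excerpt of the config above (lines copied from the post, shortened to fit).
SAMPLE = """\
ip nat inside source static tcp 192.168.0.11 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.11 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.11 3389 interface Dialer1 3389
ip nat inside source static udp 192.168.0.11 53 interface Dialer1 53
!
ip access-list extended filter-inbound
permit tcp any any eq 3389
permit tcp any any eq smtp
permit tcp any any eq www
permit udp any any eq domain
permit tcp any any established
deny udp any any
!
"""

def exposed_forwards(config, acl_name):
    """Return sorted (proto, public_port, inside_host, inside_port) for every static
    forward that the named extended ACL also permits from any source address."""
    # Assumption: rule order is ignored, i.e. no earlier deny shadows a permit.
    forwards, permitted, in_acl = {}, set(), False
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("ip access-list extended "):
            in_acl = line.split()[-1] == acl_name
        elif in_acl and not line.startswith(("permit", "deny", "remark")):
            in_acl = False  # "!" or any other command ends the ACL body
        if m := NAT_RE.match(line):
            proto, host, inside_port, public_port = m.groups()
            forwards[(proto, int(public_port))] = (host, int(inside_port))
        elif in_acl and (m := ACL_RE.match(line)):
            token = m.group(2)
            port = KEYWORDS.get(token, int(token) if token.isdigit() else None)
            if port is not None:
                permitted.add((m.group(1), port))
    return sorted((p, pub, *forwards[(p, pub)]) for p, pub in forwards if (p, pub) in permitted)

if __name__ == "__main__":
    for proto, pub, host, port in exposed_forwards(SAMPLE, "filter-inbound"):
        print(f"{proto}/{pub} open to any source -> {host}:{port}")
```

Permits restricted to a specific source host, such as the two DNS resolver entries in the posted ACL, are deliberately not counted as open to any source.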