Solved

setting up SMTP redirect on Cisco 1841 router

Posted on 2008-10-07
Last Modified: 2012-05-05
I'm having trouble setting up SMTP redirect on a 1841 router. Basic configuration. One external IP, 1841 set up as DHCP server handing out IPs in the 10.0.0.40-10.0.0.254 range. I just need to have any SMTP traffic from the internal range sent to our ISP's SMTP server at 206.47.199.115.

Got frustrated and started over from scratch and will wait on the experts to tell me where to go from here. Running-config is below.
Building configuration...
 
Current configuration : 3324 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname hotelguests
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$7Q/b$BM5wTp0koeW2duZGFRt4M0
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -4
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.39
!
ip dhcp pool sdm-pool1
   import all
   network 10.0.0.0 255.255.255.0
   dns-server 142.177.xxx.xxx 142.177.xxx.xxx 
   default-router 10.0.0.1 
!
!
no ip bootp server
ip domain name mydomain.com
ip name-server 142.177.xxx.xxx
ip name-server 142.177.xxx.xxx
!
username myname privilege 15 secret 5 $1$hzs4$dL8Nrn6rEJsZ.QYWqSb0R/
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$
 ip address 142.176.xxx.xxx 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 142.176.xxx.xxx permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and 
it provides the default username "cisco" for  one-time use. If you have already 
used the username "cisco" to login to the router and your IOS image supports the 
"one-time" user option, then this username has already expired. You will not be 
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end

Question by:huntleyj
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22659924
If you are talking about outgoing SMTP going to your ISP, this isn't handled on the router but rather on the SMTP relay portion of your mail application.
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22660015
Or, are you looking to restrict outgoing SMTP to only your ISP's server?
 
LVL 3

Author Comment

by:huntleyj
ID: 22660318
Looking to redirect all outgoing SMTP traffic to our ISP.
Scenario:
Guest A has his email client set up to use Verizon's SMTP server. Unfortunately Verizon's SMTP server is not accessible from our ISP's network. Therefore I have to redirect all outbound SMTP traffic to our ISP's SMTP server or else User A will not be able to send e-mails.
This is for a hotel so having every guest change their SMTP setting in their e-mail client is not really an option.
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22661375
You can try using "Outside NAT" with an access-list matching the SMTP port but I've never tried this so I can't guarantee success.

Try adding this (leave your current NAT config alone):

conf t
ip access-list ext nat-smtp
deny <your internal SMTP servers if applicable>
permit tcp any any eq 25
permit tcp any eq 25 any

ip nat pool isp-smtp 206.47.199.115 206.47.199.115 netmask 255.255.255.0
ip nat outside source list nat-smtp pool isp-smtp

Couple things to note:

If your ISP does any kind of authentication, it won't work.  Also, if anything is in the SMTP Payload of the packet that is significant to their ISP, it may not work.
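
A way to check the redirect and the authentication caveat from a guest-side machine, as an added example that is not part of the original answer: the parser below reads the greeting and EHLO reply a client receives on port 25 and reports whether the expected relay answered and whether it advertises AUTH or STARTTLS. The sample sessions, the name smtp.isp.example and the function names are assumptions made for illustration.

```python
import re

# Constructed sample sessions (not captured from the poster's network): the
# 220 greeting and EHLO reply a guest client receives on port 25. Host names
# and the 192.0.2.10 address are placeholders.
PLAIN_RELAY = (
    "220 smtp.isp.example ESMTP ready\r\n"
    "250-smtp.isp.example Hello [192.0.2.10]\r\n"
    "250-SIZE 35882577\r\n"
    "250 PIPELINING\r\n"
)
AUTH_RELAY = (
    "220 smtp.isp.example ESMTP ready\r\n"
    "250-smtp.isp.example\r\n"
    "250-STARTTLS\r\n"
    "250 AUTH PLAIN LOGIN\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_replies(raw):
    """Group server lines into (code, [texts]) replies; 'NNN-' continues, 'NNN ' ends."""
    replies, texts = [], []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if m is None:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        texts.append(m.group(3))
        if m.group(2) == " ":
            replies.append((int(m.group(1)), texts))
            texts = []
    if texts:
        raise ValueError("multi-line reply was cut off")
    return replies


def assess_redirect(raw, relay_name):
    """Say whether relay_name answered and whether it advertises AUTH/STARTTLS."""
    replies = parse_replies(raw)
    if len(replies) < 2 or replies[0][0] != 220 or replies[1][0] != 250:
        raise ValueError("expected a 220 greeting, then a 250 EHLO reply")
    greeting_host = (replies[0][1][0].split() or [""])[0].lower()
    # Line 0 of the EHLO reply names the server; the rest are extension keywords.
    ext = {t.split()[0].upper() for t in replies[1][1][1:] if t.strip()}
    return {
        "redirected": greeting_host == relay_name.lower(),
        "auth_offered": "AUTH" in ext,          # the answer's authentication caveat
        "starttls_offered": "STARTTLS" in ext,
    }
```

Feed it the text received after connecting to an outside mail host on port 25 and sending EHLO; with the NAT rule active, `redirected` should be true whichever host the client dialled.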
 
LVL 3

Author Closing Comment

by:huntleyj
ID: 31503857
Sweeet. Worked like a charm!