Solved

setting up SMTP redirect on Cisco 1841 router

Posted on 2008-10-07
Last Modified: 2012-05-05
I'm having trouble setting up SMTP redirect on a 1841 router. Basic configuration. One external IP, 1841 set up as DHCP server handing out IPs in the 10.0.0.40-10.0.0.254 range. I just need to have any SMTP traffic from the internal range sent to our ISP's SMTP server at 206.47.199.115.

Got frustrated and started over from scratch and will wait on the experts to tell me where to go from here. Running-config is below:
Building configuration...
 
Current configuration : 3324 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname hotelguests
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$7Q/b$BM5wTp0koeW2duZGFRt4M0
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -4
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.39
!
ip dhcp pool sdm-pool1
   import all
   network 10.0.0.0 255.255.255.0
   dns-server 142.177.xxx.xxx 142.177.xxx.xxx 
   default-router 10.0.0.1 
!
!
no ip bootp server
ip domain name mydomain.com
ip name-server 142.177.xxx.xxx
ip name-server 142.177.xxx.xxx
!
username myname privilege 15 secret 5 $1$hzs4$dL8Nrn6rEJsZ.QYWqSb0R/
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$
 ip address 142.176.xxx.xxx 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 142.176.xxx.xxx permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and 
it provides the default username "cisco" for  one-time use. If you have already 
used the username "cisco" to login to the router and your IOS image supports the 
"one-time" user option, then this username has already expired. You will not be 
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end

Question by:huntleyj
LVL 43

Expert Comment

by:JFrederick29
ID: 22659924
If you are talking about outgoing SMTP going to your ISP, this isn't handled on the router but rather on the SMTP relay portion of your mail application.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22660015
Or, are you looking to restrict outgoing SMTP to only your ISP's server?
0
 
LVL 3

Author Comment

by:huntleyj
ID: 22660318
Looking to redirect all outgoing SMTP traffic to our ISP.
Scenario:
Guest A has his email client set up to use Verizon's SMTP server. Unfortunately Verizon's SMTP server is not accessible from our ISP's network. Therefore I have to redirect all outbound SMTP traffic to our ISP's SMTP server or else User A will not be able to send e-mails.
This is for a hotel so having every guest change their SMTP setting in their e-mail client is not really an option.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 22661375
You can try using "Outside NAT" with an access-list matching the SMTP port but I've never tried this so I can't guarantee success.

Try adding this (leave your current NAT config alone):

conf t
ip access-list ext nat-smtp
deny <your internal SMTP servers if applicable>
permit tcp any any eq 25
permit tcp any eq 25 any

ip nat pool isp-smtp 206.47.199.115 206.47.199.115 netmask 255.255.255.0
ip nat outside source list nat-smtp pool isp-smtp

Couple things to note:

If your ISP does any kind of authentication, it won't work.  Also, if anything is in the SMTP Payload of the packet that is significant to their ISP, it may not work.
0
 
LVL 3

Author Closing Comment

by:huntleyj
ID: 31503857
Sweeet. Worked like a charm!
0
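
One way to confirm from a machine on the guest LAN that the redirect from the accepted solution is in effect, as an added example that is not part of the original thread: with the NAT rule active, port 25 on destinations run by different providers should all answer with the same server name in the 220 greeting. The function names, the `.example` hostnames and the sample greetings are constructed for illustration.

```python
import socket

def read_greeting(host, port=25, timeout=10.0):
    """Connect to host:port and return the SMTP greeting lines."""
    lines = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("r", encoding="ascii", errors="replace") as fh:
            for line in fh:
                line = line.rstrip("\r\n")
                lines.append(line)
                # RFC 5321: "220-" continues the greeting, "220 " ends it.
                if len(line) < 4 or line[3] != "-":
                    break
        sock.sendall(b"QUIT\r\n")
    return lines

def greeting_host(lines):
    """Return the lower-cased server name from a 220 greeting, or None."""
    if not lines or not lines[0].startswith("220"):
        return None
    fields = lines[0][4:].split()
    return fields[0].lower().rstrip(".") if fields else None

def redirect_in_effect(greetings):
    """greetings maps destination -> greeting lines. True when two or more
    destinations all identify themselves as one and the same server."""
    hosts = {greeting_host(g) for g in greetings.values()}
    return len(greetings) >= 2 and len(hosts) == 1 and None not in hosts

# Constructed sample greetings (not captured from real servers).
SAMPLE_REDIRECTED = {
    "smtp.provider-a.example": ["220-relay.isp.example ESMTP", "220 ready"],
    "smtp.provider-b.example": ["220 relay.isp.example ESMTP ready"],
}
SAMPLE_DIRECT = {
    "smtp.provider-a.example": ["220 mx.provider-a.example ESMTP"],
    "smtp.provider-b.example": ["220 mx.provider-b.example ESMTP"],
}

if __name__ == "__main__":
    import sys
    results = {}
    for dest in sys.argv[1:]:  # SMTP hosts of two or more unrelated providers
        try:
            results[dest] = read_greeting(dest)
        except OSError:
            results[dest] = []  # unreachable or filtered: counts as no match
    print(results, redirect_in_effect(results))
```
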
